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Define Your Open Enterprise.” 


What does Open mean to you? Community? Security? 
Risk? Reward? Can it leverage legacy systems? 
Consolidate and simplify? Do you believe in its power 
and potential? 

Introducing Novell software for the open enterprise” 
— the only software that makes Open work for you. 
From desktop and data center to identity manage- 
ment, resource management and collaboration, our 


flexible combination of open source and commercial 


Novell. 


This is your open enterprise.” 
www.novell.com 


Copyright © 2006 Novell, Inc, All Rights Reserved. Novell, the Novell logo, ZENworks and GroupWise are registered trademarks 
SUSE, This is your open enterprise, Software for the open enterprise and Define your open enterprise are trademarks of Novell, Inc 
in the United States and other countries. All third-party trademarks are the property of their respective owners 


software delivers more than you ever imagined. The 
power to automate IT asset management. Freedom 
from single vendor lock-in. Security that keeps the 
right information safe and the right people informed. 
And the ability to connect people to performance and 
business to possibilities. So you can build an open 
enterprise that makes sense for you — and your 
future. This is Novell software for the open enterprise. 


The Open you've wanted all along. 


Online: novell.com/connectionmagazine 
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IDENTITY 
ROBBED BLIND? 
VICTIMIZATION 
BY DIGITAL 
CLONING By the 
time he was 18, Frank 
Abagnale, the leg- 
endary scam artist of 
Catch Me If You Can 
fame, flew around the 
world on someone else’s 
identity —for free. So 
what are you doing to 
keep your identity safe? 
And what about those 
you call your cus- 
tomers? What are you 
doing to keep their 
identities secure from 


| the likes of Abagnale? 


BY LAURA CHAPPELL 
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Multi-server management from a single screen 
AdRem Server Manager 5.0 


Key features: 


Monitor performance graphs of multiple NetWare servers 
in a single screen - new! 


Analyze comparative historical trends - new! 


Monitor and manage user activity, including disk space quotas, 
open files,and disk usage by users 


Schedule cross-server tasks (NLMs updates, distribution of files 
or console commands) 


Manage files (advanced searching, file salvaging/purging) ome ee 
Administer trustee rights (trustee backup/restore) Avene time Bi) Wh oats See 


Rights intottanc 


Quickly access, compare, and modify all SET variables, [eCotton ms 
Configuration and system log files : = oan 
Use it on OES and NetWare 6.x, 5.x, 4.11 SP9 and newer. rf oo nwes 
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Learn more and get your 30-day trial today at: 


www.adremsoft.com/sm AdrRem 
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All of us have personal 
identity information that 
we don’t want pub- 
lished. That information 
is held by multiple com- 
panies and ranges from 
credit card and social 
security numbers to 
medical records and 
insurance policies. 
You’d be surprised what 
they know about you. 
Have you ever wondered 
what really happens to 
your credit card number 
when you hand your card 
to ae waiter? Is he the 
only one who sees your 
personal information? Can 
ou really trust him with it? 

hat about the cashier in 
the hotel lobby? And that 
Web site where you made 
ia last purchase? Are 
they protecting your per- 
soralidenity? C6 those 
companies have process- 
es in place to keep your 

ersonal information con- 
idential? 
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Lost Your Identity to a Hacker? 


As your identity is important to you, your customers’ identities are important to them. Are 
you protecting your customers’ identity information? Well, the laws say you had better. If 
your company captures customer information of any kind, it’s increasingly your responsibility 
to protect that data. A steady stream of legislation THE EUROPEAN UNION DATA 
PROTECTION DIRECTIVE, GOVERNMENT INFORMATION SECURITY 
REFORM ACT, SARBANES-OXLEY, HEALTH INSURANCE PORTABILITY AND 
ACCOUNTABILITY ACT (HIPAA), GRAMM-LEACH-BLILEY AND OTHERS 
puts constant pressure on you to keep that data secure. ; 

0 Now Cah you protect yourse ft and your company from privacy 
breaches caused by identity theft? In Identity Robbed Blind, Laura Chappell 
shares some staggering statistics that show why you must be aware of — and guard against—iden- 
tity theft. For the fifth year in a row, identity theft was the top consumer fraud filing with the US 
Federal Trade Commission totaling almost 250,000 cases during 2004. And those are only iden 
tity thefts in the US! You need to know your company is not involved in those cases. 

Laws provide for significant financial penalties for violations. For example, HIPAA viola 
tions could cost you $250,000 and up to 10 years in prison for wrongful disclosure of 
individually identifiable health information. This article explains several ways you can protect 
yourself—and your company —from identity hackers. 

The Novell development teams have been hard at work to release new versions of three 
Novell products: 

1 SECURE LOGIN 6.0 2IDENTITY MANAGER30 3 AUDIT 2.0 

Check out Password to find out about the new Secure Login. Who What When Where 
explains the latest version of Identity Manager. And Audit explains how Novell made some 
thing great even better — Novell Audit 2.0. 

And GroupWise has some exciting developments too: it now ships with Intellisyne tech 
nology in the box so you can syne the vast majority of your company’s wireless devices to 
GroupWise. You can also get support for all those Blackberries floating around out there. 
Read article to find out all about it. 

THE NEW GLOBAL BRAINSHARE 2006 IN SALT LAKE CITY PROMISES TO 
BE THE BEST YET. With more than 20 years in the making, read A Fresh Twist on 
an Industry Favorite to find out how Novell is pushing the limit and how you can be a 
partofit. | 

And now there's even more to be a part of. With its move to Linux, Novell has become the 
open source leader. Many of you have asked what that means to you and how you can get a 
piece of the action. Go Abead. It’s Open tells you how you can get involved in that action. It’s 
easy. So dive in. There’s enough to go around. 

If you have anything on your mind or want to talk back to us, we'll always listen. E-mail the 
editor at editor@novell.com and as always, enjoy this issue of Novell Connection. 


Ron Hovsepian 
PRESIDENT & Coo, NOVELL INC. 
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Identity Robbed Blind? 


Victimization by Digital Cloning 


By Laura Chappell 


anAm estimated that between 16 and 18 years of age, 
Frank Abagnale flew more than 1 million miles for free 
and visited over 26 countries. 

Frank Abagnale’s identity scams are legendary. The subject of the 
Steven Spielberg movie, Catch Me If You Can, Frank Abagnale used 
common sense, bravado and adaptability to manipulate his identity to 
suit his needs. Today | imagine he would delve into the world of digi- 
tal identity theft, color printers and home laminators rather than use 
the PanAm decal off a model plane as he did at age 16. 

How rampant and problematic is the issue of identity theft? How is 
identity theft perpetrated? How can we protect ourselves and our 
corporations from privacy breaches caused by identity theft? 

As | am writing this article, | must admit that [ am a bit distracted 
after just winning the InfoDiamond International Sweepstakes! And 
not just once, but three times in just one month! At least that’s what the 
e-mail said. | mean really—what are the chances of that? Unfortunately 
I'm really pressed for time to collect my winnings because eBay just sent 
me a message asking me to log in immediately and provide a credit card 
number to update my account or they will cancel it. Thank goodness | 
got that Microsoft all-in-one security update so my computer is pro- 
tected against any kind of security breach. I'd hate someone to find out 
that I’m so lucky; they might try to scam me out of my winnings. Then 
how could I help that poor man in Nigeria get his money? 

Sometimes in the technical world, we have to just roll our eyes at 
some of these blatent phishing schemes. Who really falls for these 
things? Well, unfortunately on a global level, millions of people fall 
victim to these schemes each year. These scams may be focused at a 
quick fraudulent monetary gain or they can be geared toward obtain- 
ing enough personal information about a target to open or manipulate 
accounts under that person’s identity —identity theft. 

The United States Federal Trade Commission (FTC) defines 
identity theft as a fraud that is committed or attempted, using a per 
son’s identifying information without authority. 


How do these folks get your identity information? You'd never type in 
your credit card details or any other personal information on a public 
computer, right? Makes you feel a lot safer, doesn’t it? Unfortunately, 
you still have your backside hanging out in the wind—your personal 
data is maintained by numerous credit card companies and financial 
institutions. Your credit card numbers are seen every month by online 
retailers, gas station cashiers, waiters and waitresses, travel agents and 
even taxi drivers, You race to the ATM and blithely punch in your PIN 
number while that sweet looking girl next to you talks on the phone 
and shoulder surfs the PIN number you type in; she'll grab your ATM 
card later at the bar, although someone else may already have it from 
the false-front ATM machine you just used. 

The CardSystems case should have taught us a lesson: we cannot 
directly protect our own information anymore. More responsibility 
lies on the shoulders of the corporations that enter, revise, update, 
sort and search through our identity information. 

How difficult would it be for someone to reach into your mailbox 
or garbage can and snag one (or tens) of those credit card offers that 
come to you every day? 

Identity theft plagues the credit card industry like network prob- 
lems plague hacker conferences! 


> ID Theft is Hot! 
Identity theft is on the rise at an alarming rate, sitting at the top of 
the Federal Trade Commission annual list of consumer fraud filings 
for the fifth year in a row. (SEE TABLE BELOW.) When the FTC 
categorized the 635,173 complaints received in 2004, 246,570 were 
identity theft reports and 388,603 were fraud complaints. 
(The FTC releases this yearly report in January or February at 
WWW. CONSUMED, ZOU idtheft. ) 
Other findings from the report include: 
+ Identity theft reports and fraud complaints totaled more than US 
$547 million. 


The Shadowcrew Case 


November 17, 2005. One 
defendant admitted that in 
September 2004, he illegally 


“Shadowcrew.com” was one of 
the largest online centers for 
trafficking stolen credit and bank 


card numbers and identity 
information. Closed in October 
2004 by the U.S. Secret Service, 
Shadowcrew trafficked in at least 
1.5 million stolen credit and bank 
card numbers that resulted in a 
loss in excess of $4 million. Of the 
21 individuals arrested in this 
case, 12 have pled guilty as of 


acquired approximately 18 million 
e-mail accounts with associated 
user names, passwords, dates of 
birth, and other personally 
identifying information— 
approximately 60,000 of which 
included first and last name, 
gender, address, city, state, 
country and telephone number. 


The top categories of FTC-reported consumer fraud 
complaints for 2004 include: 
Category 

Internet Auctions : 16 
Shop-at-Home/Catalog Sales 8 
Internet Services and Computer Complaints 6 
Foreign Money Offers 

Prizes/Sweepstakes and Lotteries 
Advance-Fee Loans and Credit Protection 
Business Opportunities and Work-at-Home _ 
Telephone Services 

Other (miscellaneous) 7 1 
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+ Internet-related complaints accounted for 53 percent of all 
reported fraud complaints with monetary loss calculated at more 
than US $265 million. 

* Credit card fraud was the most common form of reported 
identity theft, followed by phone or utilities fraud, bank fraud and 
employment fraud. 

+ The major metropolitan areas with the highest per-capita rates of 
reported identity theft were Phoenix Mesa-Scottsdale, AZ; 
Riverside-San Bernardino- Ontario, CA; and Las Vegas-Paradise, NV. 


> Keylogging and Site Validation Techniques 

OK, we all know how people get conned through e mail and how credit 
cards can be run through skimmers that duplicate the magnetic strip. 
But what if you are tech savvy? Are you less likely to have your ID stolen? 
Not necessarily. Consider the Kinko's Keylogger case where strategically 
placed keyloggers captured everything typed into public computers. 

What can you do if you are using a public computer and you 
absolutely must enter a password or passcode? (I can't imagine a sce- 
nario where you have to do this, but let’s just say you do for a 
moment.) And how do you know if keylogging software is installed? 

Many of today’s virus detection tools automatically detect and 
remove known keylogging software; but of course, this is always a 
game of “follow the hacker.” 

One of the world’s largest financial companies, ING, introduced a 
feature called PIN Guard to help thwart these keyloggers when cus 
tomers log in to do banking transactions. Instead of typing in their PIN 
number, which would be caught by a keylogger, the customer uses a 
mouse to select the numbers and characters off the screen —a good idea 
unless someone is shoulder surfing your password. 

Financial institutions are scrambling to put solutions in place that 
verify authorized users are accessing their accounts. Bank of America 
recently introduced Sitekeys as a method to identify the computer 
the customer is using to log in. (Most users consistently log in from 
the same computer when doing online banking.) 


3 unusual credit card charges 


| U.S. Identity Theft Reporting 


If you think you're the victim of any 
type of identity theft, don't wait to 
check it out and report it. Call the 
fraud units of the three principal 
credit reporting companies. 


ane 
lo report fraud, call (800) 
525-6285 or write to RO. Box 
740250, Atlanta, GA 30374 
¢ To order a copy of your credit 
report ($8 in most states), write 
to RO. Box 740241, Atlanta, GA 
30374, or call (800) 685-1111 
* To dispute information in your 
report, call the phone number 
provided on your credit report. 
* To opt out of preapproved 
offers of credit, call (888) 567- 
8688 or write to Equifax 
Options, PO. Box 740123, 
Atlanta GA 30374 


Experian (formerly TRW) 

* To report fraud, call (888) 
EXPERIAN or (888) 397-3742, 
fax to (800) 301-7196, or write 
to PO. Box 1017, Allen, 

TX 75013. 


¢ To order a copy of your credit 
report ($8 in most states): PO. 
Box 2104, Allen TX 75013, or 
call (888) EXPERIAN. 

* To dispute information in your 
report, call the phone number 
provided on your credit report. 

* To opt out of preapproved 
offers of credit and marketing 
lists, call (800) 353-0809 or 
(888) SOPTOUT or write to RO. 
Box 919, Allen, TX 75013. 


Trans Union 

* To report fraud, call (800) 680- 
7289 or write to RO. Box 6790, 
Fullerton, CA 92634. 

* To order a copy of your credit 
report ($8 in most states), write 
to RO. Box 390, Springfield, PA 
19064 or call: (800) 888-4213. 

* To dispute information in your 
report, call the phone number 
provided on your credit report. 

* To opt out of preapproved 
offers of credit and marketing 
lists, call (800) 680-7293 or 
(888) SOPTOUT or write to RO. 
Box 97328, Jackson, MS 39238. 
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The Sitekey technology asks the user to select an image that will be 
displayed to indicate that the bank site has done some behind-the 
scenes authentication of the user’s computer. If the user approaches 
the login screen and the image is not correct or not displayed, the user 
is prompted with a series of questions in an attempt to positively 
identify them. The SiteKey technology was put in place to differenti- 
ate the true Bank of America Web site from bogus sites that might 
present a mocked-up login page to the user to capture account num- 
bers and passwords. 


> Indications of Identity Theft 

Most cases of identity theft are recognized by the consumer first. 
Some signs to watch for are: 

| unusual phone calls from creditors 

2 getting turned down unexpectedly for credit 


+ account names or passwords not working 
5 missing bills and statements 
© unusual entries in your credit records 


> Protect Yourself; Protect Your Company 

At some point it is inevitable—you'll have a credit card stolen or 

fraudulently used in your name. Here is a list of additional steps you 

can take to protect yourself: | 
| One of the best ways to protect yourself is to monitor your credit | 
reports on a regular basis. (Consider signing up for a service to 

track changes on your credit report and automatically notify you 

of those changes.) 

Shred credit card offers and financial information before throw 

ing it away. 

3 Get a safe and store checkbooks, bank statements, social security 
information, billing information and any other identity related 
information out of sight. 

+ View your electronic bank statements on a regular basis — at least 

twice a month. 

Avoid giving out your social security number. 


ioe) 
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Now what about your company? Protect it and yourself by securing 
all identity-related information, including both employee informa- 
tion and customer information. You need to protect both your 
original and backup data sets. You have a lot riding on the line: 

Limit access to all confidential information and log who accesses it. 
* Run log reports and review them with your staff. 

* Reconsider who should have access to sensitive information. 

Do the right people have access? Can too many people access it? 

* Consider auditing the entire network to look for unauthorized 
software and hardware, and for security vulnerabilities. 

+ Educate your users on the issues of identity theft and their 
responsibility to maintain the confidentiality of identity-related 
information. 

If Frank Abagnale was interested in stealing an identity today, | 
imagine he would have a field day getting a temporary job in a compa 
ny that maintains sensitive identity information. Does your 
company? He would have the latest and greatest laptop computer 
with wireless antennas to boost the signal. That would allow him to 
listen in on unsecured communications at the local Starbuck's and 
McDonald's hot spots. Trolling around on the Internet, he would find 
a plethora of information about you, me and anyone else he wants to 
research. I’m just glad he’s now on the law enforcement side. Now, if 
you'll excuse me, | need to reply to eBay and that poor Nigerian man 
that needs my help getting his money out of that foreign bank. Maybe 
there really is something in it for me. Imagine me—a millionaire! N 
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Laura is world-renowned for her work in the 
field of packet-level analysis and secu- 
rity. She ‘lives, eats and breathes” at the 
packet-level and is trusted by organiza- 
tions that include the FBI, the US Navy, 
IBM, HP. Microsoft, Novell and Cisco 
Systems. 


Laura's many presentations at Novell's 
BrainShare, HP's Enterprise Technical 
Symposium, and Microsoft's TechEd 
are consistently among the most highly 
attended and rated sessions. Her ability 
to effectively train a company’s IT and IS 
teams has resulted in millions of dollars 
of savings for many Fortune 100 com- 
panies as well as local, national and 
international law enforcement and gov- 
ernment institutions. 

Laura has written and edited numerous 
books on networking communications 
andanalysis. She provides onsite analysis 
services, consulting and training through 
the Protocol Analysis Institute. 


and student materials included on 
each of the 5 discs by visiting: 
+> www.packet-level.com/library 


Volume discounts and corporatate 
licensing available. Inquire at: 
+1.801.223.9444 or saleseinpnet.org 


Save big! The combined value of Laura's teaching expertise, 
research, writing, and course development in one great place... 


The Laura Chappell Master Library™ 
a comprehensive collection of Laura’s world-renowned 
training on Packet-Level Analysis and Network Security 


This exciting 4 DVD-ROM compilation includes: 
° 14 full days of training 
70 high-energy hours of Laura in audio/visual format 
¢ 2.500 pages of instruction 


Gain the foundational knowledge and practical training needed 
to secure and protect corporate, government and private networks 
from intruders, unscrupulous activity and ever-evolving cyber-threats. 


Volume 1 - Laura Chappell Presents...” 
EIGHT full-length courses by Laura with fully-indexed audio/visual- frases Tanne. 
Includes: presentation slides, handouts, exercises, trace files and online-access. 


35+ hours, 50+ topics organized to cover: TCP/IP Analysis & Troubleshooting, Security at the 
Packet Level (| & Il), Network Analysis (Intro & Advanced), Case Studies, Analyzers, and Tools. 


Volume 2 - Interpreting Trace Files _ : 
FIFTY narrated screen-capture videos on /nterpreting Trace Fes, aan: 
unique situations dealing with hackers, spies and unusual traffic patterns. 


You will witness Laura's expert analysis, watch her decode just what is happening in 
the packet exchanges, see what is wrong and learn how to fix it. 


Volume 3 ~ 


TWO Self-Study versions of Hands- ‘On Taine is Talent segments on 15 software 
tools, PDFs of the HOT Labs™ student manuals and Laura Chappell’s Instructional Video. 


EIGHT Podbook™ Titles (complete electronic version of original books) providing hundreds 
of insightful pages authored and edited by Laura. 


: _ Volume 4 - Laura Chappell’s Video Seminars — 


SIX full-length video training courses on Network and Packet Analysis, including electronic 
student materials, tests for each subject, over 1250 manual pages and 8 hours of video instruction. 


- Introduction to Wireless LANs: eight important, technical 
self he lessons presented by Keith Parsons of the Institute for Wireless LAN Professionals. 


Over $7,000 worth of Laura Chappell Training for only $1,999 usp 


Com 


Laura Chappell Master Library produced by: 
Institute for Network Professionals 


lete Details or Order Online: www.packet-level.com/library 
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All Eyes on ITV 


UK Broadcaster Standardizes a Diverse Environment 


By Liz Tanner 


TV is the largest commercial broadcaster in the UK, watched 

by nearly 45 million people each week. With the largest pro- 

gramming budget in Europe, ITV shows nearly 6,000 hours of 
original programming each year. 


> Challenge 

ITV was formed several years ago as the result of a merger between 
Carlton TV and Granada. As a result, the company had a variety of 
platforms, including 50 different UNIX systems, which were expen- 
sive and difficult to maintain. Updates for a range of legacy software 
and hardware were either costly or non-existent. 

The IT staff was struggling to simplify and standardize its diverse 
environment and maintain consistent uptime. A major goal for ITV 
was to consolidate and simplify its infrastructure for 6,000 users 
across 90 locations in the UK, U.S., Germany and Australia. 


> Solution 

ITV selected a number of Novell solutions as key components of its 
new infrastructure including SUSE Linux Enterprise Server, Novell 
Open Enterprise Server, a Novell identity and access management 
solution, and Novell ZENworks. 

“We chose SUSE Linux Enterprise Server because it offered the 
best overall package of support, a stable distribution of Linuy and a 
long-term relationship with a trusted partner,” said Nick Leake, 
Director of Operations and Infrastructure at ITV. “The 
Novell direction around Linux is second to none. We found 
that the combination of training, managed software releases 
and support was superior to what we could get elsewhere.” 

ITV began migrating all of its UNIX data center systems 
to SUSE Linux Enterprise Server, replacing expensive 
servers with low-cost, Intel-based hardware. The company 
runs many of its mission-critical applications on Linux, 
including many UNIX and Oracle systems, with significantly better 
uptime to keep business applications available at all times. 

“For us, running Linux in our enterprise data center makes a lot of 
sense,” said Leake. “It provides us with high levels of reliability and 
performance, as well as a low running cost. We can’t beat it.” 

ITV is realizing substantial cost savings by consolidating its servers. 
With the resulting space savings, the company can create scaled-down 
data centers at fewer locations. ITV is also reducing licensing costs by 
having fewer servers that are dedicated to specific systems, such as its 
Oracle databases. 

Novell Open Enterprise Server will allow ITV to consolidate even 
further with the ability to run file, print and mail servers on Linuy. 
With Open Enterprise Server, the company can take advantage of 
trusted Novell services on a cost-effective platform. ITV is also con 
sidering Novell Linux Desktop for many of its users. 

“We are very comfortable running enterprise systems on Linux 
and have been considering Linux on the desktop for quite some 
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time,” said Ben Goodyear, Head of Infrastructure at ITV. “We 
believe we can cut costs while offering the same user functionality. 
That is partly because Novell has done a good job of application dis- 
tribution with Novell Linux Desktop.” 

A Novell identity and access management solution helps ITV secure 
and manage user identities. All user identity information resides in 
Novell eDirectory, while Novell Identity Manager automatically syn 
chronizes information across diverse applications. Linking applications 
to eDirectory helps automate many business processes, such as HR 
services, and enhances security by giving users access to the right infor- 
mation based on their roles in the organization. 

“Novell identity management solutions are the most scalable with 
in the industry and can handle well in excess of the number of 
identities we will need to manage,” said Leake. “We are able to provide 
secure access to the freelance producers and camera operators who 
move through our organization on a regular basis.” 

ITV uses Novell ZENworks to standardize its workstations and 
manage 600 applications across a dispersed enterprise. The IT staff 
can now deliver new applications enterprise-wide in a matter of 
hours. ZENworks ties into eDirectory so ITV can deliver personal 
ized desktops to users, based on their roles within the organization. 

“We found that Novell ZENworks was superior to anything else in 
the marketplace,” said Leake. “It is an invaluable tool for a centralized 
IT staff like ours.” 


“For us, running Linux in our enterprise data 
center makes a lot of sense. It gives us high levels 
of reliability and performance, as well as a low 


running cost. We can’t beat it.” 
Nick Leake Director of Operations and Infrastructure ITV 


> Results 

By standardizing and consolidating its infrastructure with SUSE. Linux 
Enterprise Server, ITV has created a high performing and resilient envi- 
ronment. The organization is seeing substantial performance gains with 
several of its mission-critical systems and has close to and in excess of 
99.999 percent uptime for its production environment. 

Novell Open Enterprise Server running on SUSE Linuy allows 
I'TV to further consolidate file, print and mail servers to simplify 'T 
management, while significantly reducing hardware and software 
costs. A standardized environment has also simplified I'T training, 
allowing ITV to focus primarily on Linux, rather than splitting its 
training across multiple platforms. 

“Without a Novell Linux solution, we would have had some diffi 
cult decisions to make,” said Leake. “We would have had to choose an 
alternate platform that would not have offered the same level of scal- 
ability across our enterprise, or the same degree of performance and 
cost savings.” N 
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Xen and the Art of Virtualization 


Competitive Intelligence & Research Group 


By Bill Claybrook 


he concept of virtualization—“partitioning” a machine into 

multiple virtual machines (VMs) to support concurrent exe- 

cution of multiple operating systems—has been around for 
some time. Virtualization comes in the form of hardware or software. 
IBM introduced virtual hardware in the 1960s with System 360/67 
technology and has continued to develop software virtualization tech 
nology around its z/VM mainframe operating system. Today, the 
primary thrust for virtualization software comes from Microsoft, 
VMware and the Xen open source project (For x86 and x64 hardware). 

Virtualization is one of the hottest topics in all of IT. The reason? 
Each VM can run one or more workloads, and multiple VMs can be 
hosted on a single server thereby improving server utilization, reduc 
ing hardware costs and potentially software licensing costs. The 
utilization of UNIX servers is typically about 15-20 percent, and 
some machines, typically Windows machines, are underutilized 
because they are often configured to run only one application. 

IDC predicts that spending around virtualization activities will 
grow to nearly $15 billion worldwide by 2009'. Most of this spending 
will be on hardware to run virtualization software. IDC also predicts 
that more than 75 percent of all companies with over 500 employees 
are deploying virtual servers—servers that run virtualization soft 
ware. S/390, OS/400 and UNIX systems account for most of the 
customer spending on virtualized servers today, but virtualization on 
x86/x64-based Linux and Windows systems is expected to account 
for much of the future spending. 


> Virtual Machine Architectures 

Software virtualization is generally implemented via a layer of virtu- 
alization software, sometimes referred to as a VM monitor (VM M), 
that presents the illusion of many VMs. A VM consists of a guest 
operating system, one or more installed applications, management 
tools, virus-detection software and other tools, Each VM has some 
or all of the functionality of the host computer, and the guest oper- 


ating system uses drivers and other functionality from the host 

operating system. 
The partitioning of a machine to support concurrent execution of 

multiple operating systems poses several challenges: 

* VMs must be isolated from one another. 

* [tis important to support a variety of different operating systems 
to accommodate the heterogeneity of popular applications. 

* The performance overhead introduced by virtualization should be 
as small as possible. 


The predominant VM architecture today is depicted in }1GU ki I. 
The virtualization software layer manages resources between the 
host and guest operating systems. Open source Xen 2.0 and 
Microsoft Virtualization Server 2005 are examples of the virtualiza- 
tion software layer. 

FIGURE 2 presents a hypervisor-based VM architecture. Xen 3.0 is 
an example of the hypervisor technology. A hypervisor is virtualiza- 
tion software that is integrated with a host operating system, such as 
Linux or Windows. In a hypervisor-based environment, the hypervi 
sor would be booted first followed by the associated host operating 
system. The hypervisor can be viewed as sitting on top of the hard 
ware and virtualizing resources such as CPU and memory for VMs. 


> Virtualization Implementations 

In a traditional implementation of virtualization, a VM has all of the 
functionality of the host computer. This is referred to as full virtual- 
ization. It has the advantage that guest operating systems do not have 
to be modified. VMware ESX Server is an example of a full virtualiza- 
tion implementation. But there are some issues: certain operating 
system supervisor instructions must be handled by the VMM for cor 

rect virtualization, possibly resulting in a high performance cost for 
some operations such as creating a new application process. 


Figure 1. Virtual Machine Architecture 
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Source: Novell, Inc. December 2005 


Figure 2. Hypervisor-based VM Architecture 
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Another approach to virtualization is referred to as paravirtualization. Paravirtualization 
avoids the performance drawbacks of full virtualization by offering a VM abstraction simi 
lar to, but not identical to, the underlying hardware. The general approach to 
paravirtualization requires that guest operating systems be modified prior to runtime. This 
approach prohibits independence of the guest operating system and virtualization software 
layer; however, modifications aren't required for the applications. The Xen hypervisor is 
based on paravirtualization. 


> Virtualization Assists from AMD and Intel 

Intel and AMD are providing a set of hardware enhancements: Virtualization Technology 
(VT) and Pacifica’, respectively, that can help improve virtualization solutions on appropri- 
ately configured systems. In current processor architectures, all software runs in one of four 
privilege rings (ring o through ring 3). An operating system traditionally runs in ring 0, and 
applications typically run in processor ring 3. 

Because the virtualization software layer must have privileged control of platform 
resources, the usual solution prior to, say VT, is to run the layer in ring 0, and the guest oper- 
ating system in less privileged rings such as ring | or ring 3. Without elaborating, VT basically 
creates the impression that guest operating systems are running at processor ring o with the 
virtualization software layer underneath at ring -1. 


> Conclusions 

Competition in the virtualization software market has already begun to heat up with vendors rac 

ing to make changes to their virtualization licensing in attempts to remain competitive. Novell 

has the simplest virtualization policy as well as pricing that is lower than Microsoft and Red Hat. 

Its virtualization licensing policy has been in effect since August 2004 when SUSE Linux 

Enterprise Server 9 was introduced, and using one or more virtual images on a physical proces- 

sor or server does not alter the SUSE Linux Enterprise Server 9 licensing policy. For example, 

* If VMware virtualization software is hosted on Windows Server 2003 on a two- processor 
server, then one or more copies of SUSE Linux Enterprise Server 9 can run as guest 
operating systems at the cost of one subscription for SUSE Linux Enterprise Server 9 on 
a two-processor server. 

- If SUSE Linux Enterprise Server 9 is hosting Xen, then any number of SUSE Linux 
Enterprise Server 9 guests can run for the price of a single SUSE Linux Enterprise Server 9 
subscription on that server. That is, one subscription will cover the host SUSE Linux 
Enterprise Server and any number of guest SUSE Linux Enterprise Server operating systems. 


Not only does Novell have the simplest and least expensive virtualization policy, it is ahead of 
Microsoft and Red Hat in delivering the new hypervisor technology. Novell will have a support- 
ed preview of Xen 3.x hypervisor technology in SUSE Linux Enterprise Server for selected 
enterprise customers in January/February 2006 and ship Xen 3.x with the next release of SUSE 
Linux Enterprise Server. Red Hat will ship Xen 3.x hypervisor technology integrated with RHEL 5 
about six months later than Novell, and Microsoft will not have hypervisor technology available 
until the second release of Windows Longhorn Server in late 2008 or 2009. N 


[1] IDC Press Release, October 18, 2005, Increasing the Load: Virtualization Moves Beyond Proof of Concept 
in the Volume Server Market, (www.idc.com/getdoc./sp?containerld =prUS00259905). 
[2] The architecture in Figure 1 is sometimes referred to as the prehypervisor VM architecture 


[3] The Xen project team is collaborating with Intel and AMD to optimize their virtualization products to take 
advantage of VT and Pacifica 
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By Steve DuScheid and Randy Britton 


Asset Management 


Concerns about complying with software license agreements have plagued IT managers for as long as software has been around, 
The protection of intellectual property rights is a fundamental tenet of the software business. Industry watch 

dogs, such as the Business Software Alliance (BSA) and the Software and Information Industry 
Association (SITA), are placing a renewed emphasis on enforcement, collecting hundreds of 
thousands of dollars in settlements and fines on a regular basis. And software vendors, often 
through third-party firms, are more active than ever in conducting audits of their customers. 
‘Despite much of the high-minded talk from these watchdogs about honesty and stay 

ing legal, many analysts and pundits say the current software license-compliance 
campaigns are really a ploy by software vendors to generate additional rev- 
enues ina saturated market. Software vendors may generate revenue by 
forcing customers to “pay up” after an audit or even suggest that 
they move to more costly volume license programs with fewer 
tracking requirements. Regardless of the motives of software 
vendors, organizations need to take their compliance sta- 
tus seriously to avoid the very real risks associated with 
noncompliance, such as fines and embarrassing public 


relations that often accompanies software piracy. 
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> Who Are the Auditors and Where Do They Get Their 
Authority? 

In the United States, the basis for enforcing license agreements 
stems from the copyright provision (Title 17) of the U.S. Federal 
Code (and similar legislation in other jurisdictions). This federal law 
protects the works of software publishers and other intellectual 
property creators. Certain software publishers give the power of 
attorney to industry organizations (such as those mentioned) to 
enforce their rights under this law. 

The BSA and SIIA are member-driven organizations that repre- 
sent the major software vendors they comprise. BSA membership 
includes 16 large software vendors, such as Microsoft, Adobe, 
Symantec and Apple, while SITA includes hundreds of other software 
vendors from educational software to high-end CAD software and 
development tools. Novell is also a Certified Audit Software partner 
(CASP) with SHA. Regional offshoots of BSA and other independ- 
ent antipiracy organizations also exist, such as the Canadian 
Association Against Software Theft (CAAST) and in the UK, the 
Federation Against Software Theft (FAST). All of these organiza- 
tions take the position that piracy is illegal whether it’s intentional or 
accidental. They also agree that all it takes is one disgruntled employ- 
ee, past or present, to call a piracy hotline to generate an audit. 

Software audits can also be conducted by vendors themselves, 
although this generally remains the province of larger companies such 
as Microsoft, Adobe, AutoCAD and yes, even Novell. 


> Covering Your Bases—Four Steps to a Complete License 
Compliance Program 
To feel confident about your organization’s license-compliance status 


you need to have an ongoing software management program in place. 
Because software can move from PC to PC at Internet speed, an 
organization can never be 100 percent sure they are compliant at any 
point in time; however, a current, well-documented compliance pro- 
gram is the key to satisfy even the most vigilant industry watchdog. 
Developing and presenting a credible compliance program to sen 

ior management, internal audit committees and third parties requires 
covering some critical bases. 


> First Base—the Policy 

The cornerstone of any compliance program is a software manage- 

ment policy that defines organizational practices and responsibilities. 

The policy should address four key areas: 

+ Management oversight Designate a “license compliance czar,” 
the person in the organization who owns the policy and related 
enforcement activities. 

* Organizational responsibility Outline the roles of each area in 
the organization responsible for software compliance. (Include IT, 
purchasing, legal, business units and so forth.) 

* Software procurement Detail the practices that control the 
request, approval, distribution and tracking of software and its 
purchase and license records. 

* End-user accountability Prescribe acceptable purchase and usage 
procedures to ensure that employees clearly understand what is 
expected and allowed in relation to company software. Also 
include clear disciplinary action for noncompliance with the policy. 


Once you have a written policy and designated a license compliance 
czar, you have a basis for a concrete compliance program. 


Figure 1 The License View of discovered software products becomes the basis for the reconciliation between soft- 
ware inventory and licensing data. By normalizing and filtering the discovered product list as described here, the asset 
manager typically reduces the number of titles they need to reconcile by a factor of 10 when compared to other tools 


Software License View 
~250 unique titles 


ZENworks Asset Management 


* supports version roll-up (point and service releases) 
* excludes applications with no license implications 
* ignores suite components 


Software Application V View 
~500 unique title: 


Asset Inventory 


* converts file data to application view 
* reports software suite and components 
* includes both software and operations 
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Common Industry Methodology 


* provides inconsistent and inaccurate information 
* overcounts installed products 

* requires normalization 

* does not identify suites/product editions 


> Second Base—the Inventory 

It would be nice to start a compliance program from scratch, but the 

reality is you have to deal with the technology assets already in place. 

The key to getting your arms around your current assets is automat 

ed asset tracking. Manually collecting data through surveys or 

walk around audits won't ensure ongoing license compliance. ‘The 
location, user and configuration of PCs change too often to rely onan 
inventory snapshot for your compliance program; you need to track 
history as well. 

Consider and include several vital areas in your inventory: 

* Product/suite focus It is easy to be overwhelmed by reams of 
software installation data that includes lists of executable files or 
any application that was ever installed on a particular PC. It’s 
important to narrow your focus and ensure you are counting only 
real applications with licensing implications. 

Furthermore, because many applications are licensed in suites, 


And the Survey Says 


“Your risk of being audited by a software company has never been 
greater, given the large number of vendors active in the market today, 
the decrease in new license revenue and vendors’ need to find 
additional sources of revenue. Noncompliance with software usage 
rights can be extremely costly, with penalties exceeding $100,000, and 
can result in negative publicity for your company.” 

—Gartner Research, “Software License Compliance Remains a Problem 
for Many Companies” by Patricia Adams, March 24, 2005 


BSA PRESS RELEASE 

“Washington, D.C., (Wednesday, December 7, 2005)—The Business 
Software Alliance (BSA), a watchdog group representing the nation's 
leading software manufacturers, today announced that five Los Angeles- 
area organizations paid BSA a combined total of $555,403.17 to settle 
claims that they had unlicensed copies of software programs installed 
on office computers...” 


SIIA PRESS RELEASE 

“Washington, D.C.—August 4, 2005—The Software & Information 
Industry Association (SIIA), the principal trade association of the 
software industry, today announced that they awarded two 
whistleblowers $5,000 apiece for reporting their current or former 
employers continued use of pirated software to SIIA...” 


CAAST PRESS RELEASE 
“Toronto, ON—Monday, September 19, 2005—The Canadian Alliance 
Against Software Theft (CAAST) and the Business Software Alliance 
(BSA), watchdog groups representing the world's leading software 
manufacturers, today announced that ... a national Canadian 
engineering company, agreed to pay CDN $52,500 after a self-audit 
revealed that it had unlicensed copies of Adobe and Microsoft software 
| programs installed on its computers.” 


FAST PRESS RELEASE 
28 April 2005—The Federation Against Software Theft (FAST) warns 
company directors that they risk being branded ‘software thieves’ 
because of the actions of their employees, including those in the IT 
department. This warning follows The Federation's recent discovery of 
over 5,800 illegal digital music files in a software audit of 2,500 PCs at a 
UK financial services organization. 


Business Software Alliance 
(BSA)—The Business Software 
Alliance describes themselves as 
“the foremost organization 
dedicated to promoting a safe 
and legal digital world.” They are 
by far the biggest of the software 
auditors, and the most active, 
regularly conducting compliance 
awareness and enforcement 
campaigns globally. BSA 
educates consumers on software 
management and copyright 
protection, cyber security, trade, 
e-commerce and other Internet- 
related issues. BSA members 
include Adobe, Apple, Autodesk, 
Avid, Bentley Systems, Borland, 
Cadence, Cisco Systems, CNC 


| Software/Mastercam, Dell, 


| Entrust, HP IBM, Intel, Internet 


Security Systems, Macromedia, 
McAfee, Inc., Microsoft, PTC, 
RSA Security, SAP SolidWorks, 
Sybase, Symantec, Synopsys 
and UGS Corp. 


Software and Information 
Industry Association 
(SIIA)—Originally known as the 
Software Publisher's Association 
(SPA), the Software & Information 
Industry Association describe 
themselves as “the principal trade 
association for the software and 
digital content industry.” In 
addition to conducting software 
audits, SIIA also provides global 
services in government relations, 
business development, corporate 
education and intellectual property 
protection to leading software 
companies. SIIA's self-described 
mission is to promote the 
common interests of the software 
and digital content industry, 


protect the intellectual property of 


member companies, advocate a 
legal and regulatory environment 
that benefits the entire industry, 
and inform the industry and the 
broader public by serving as a 
resource on trends, technologies, 
policies and related issues that 
affect member firms. 


Federation Against 
Software Theft 

(FAST)—The Federation Against 
Software Theft (FAST) was set up 
in 1984 by the British Computer 
Society's Copyright Committee. It 
was the first software copyright 


Who are the auditors? 


organization. Its first action was to 
raise the awareness of software 
piracy and to lobby the U.K. 
Parliament for changes in the 
Copyright Act of 1956 to reflect 
the needs of software authors and 
publishers. This campaign was 
successful and it has since been 
able to influence other legislation 
that impacts on the proper 
safeguarding of software. The 
work of FAST in this area has 
directly influenced the way 
software copyright law and 
investigations are carried out in 
many other countries. 

It is also unique in that it is the 
only association in the world that 
represents both software 
publishers and end users. All the 
other associations concerned with 
software management represent 
software publishers only, and 
therefore, have an approach that 
is not geared to helping 
organizations and end users who 
are actually responsible for 
managing software. 


Software Vendors 

Under the copyright provision 
(Title 17) of the U.S. Federal Code, 
the works of software publishers 
are protected, and many have 
written provisions into their 
licensing agreements that allow 
them to conduct random audits on 
demand without prior notice. 


What relationship does 
Novell have to the auditors? 
Novell is a member of SIIA and 
FAST, and Novell is a Certified 
Audit Software partner (CASP) with 
SIIA. Novell has an agreement with 
BSA to offer a free 90-day eval of 
ZENworks Asset Management 
through the BSA Web site. Novell 
does not share user information or 
auditing data with any of the 
auditing agencies. Audits 
conducted with ZENworks Asset 
Management are accepted by all 
of the auditing organizations and 
Novell has established long-term 
relationships with them to ensure 
that its products are developed to 
meet their standards. Novell has 
more than 15 years as a vendor of 
software auditing tools and as an 
independent source of information 
on licensing-related topics. 
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software managers must overlay a suite view to the list of 
individual applications to determine true license position and to 
effectively negotiate with vendors. 

+ User demographics In the world of software compliance, the 
exceptions always require follow-up. To be able to effectively 
address exceptions, software managers must understand not only 


how many installations have been discovered, but also which users 


and departments have the applications. When this information is 
tied directly to the asset inventory, managers can identify how to 


take corrective action, if needed. 


* Application details Unless you can determine the exact version, 
and in some cases, the specific software serial number, you won't 
know if the installed software matches your license agreements. 
The problem with some software audit tools is they read version 
information from unreliable source files, such as the executable 
file header information. This skews results. 

* Reporting Accurate data is useless if you don’t report it in a clear 
and concise way. Compliance reports should provide necessary 
details such as version, language information and serial numbers, 
and be able to summarize data by department, site and/or 


software suite, for instance. 


Once you have your inventory in hand, there are also other 


considerations: 


> License Allocation 


While legal compliance is generally relevant at a corporate level, day-to- 
day license management often requires tying licenses to organizational 
units (site, department or cost center) and even to individual worksta- 
tions in some cases. Novell ZENworks Asset Management allows you 
to break down overall license quantities and allocate them to specific 
groups or workstations. ZENworks Asset Management not only iden- 
tifies risk issues and cost-savings opportunities, but also gives you 


granular views to take action. It allows you to determine: 

+ which departments have more installations than allocated licenses 

+ which high-priced applications are installed on workstations with 
no allocation 

+ which workstations within a cost center are consuming allocated 
licenses but do not have particular software installed. 


And if you have not kept records that would indicate how to allocate 
licenses, ZENworks Asset Management includes a set of wizards to 
help establish baselines from which to manage allocations. 


> Purchasing Standards 

Just about every organization strives for an environment where stan- 
dards are part of day-to-day operating procedures. Standards come 
into play in numerous areas. Some relate to specific configurations 
and images, while others relate to approved software applications at 
an organization level. 

ZENworks Asset Management helps you set and manage a list of 
approved applications for your organization. You can simply create an 
approved list or get more specific and create a set of standards categories, 
for example, Standard, VP Approval, and Policy Violation. Either way, 
you can track purchasing standards and report on exceptions. 


> Third Base—the Reconciliation 
Once you have a solid inventory, it must be reconciled to your pur- 
chase and license information. Industry experts recommend that you 
use certain documentation as primary proof-of-ownership: 
* invoices 
+ purchase records 

The actual reconciliation process must account for the terms of 
volume purchase and suite agreements as well as copies purchased at 
the local retail outlet. The reconciliation process is immensely more 
manageable with inventory information that isolates products and 


The License View 


Unlike most configuration and 
asset management tools, 
ZENworks Asset Management 
employs a number of 
sophisticated techniques to 
ensure that your software 
inventory is complete, accurate, 
normalized and tuned for license 
compliance reconciliation and 
reporting. The key to providing a 
“License View” of software 
discovered on your network is the 
ZENworks Asset Management 
Knowledgebase. This 
Knowledgebase is built and 
maintained by our team of 
Technology Analysts, who add 
and code hundreds of products 


each month. The Knowledgebase, 


which is updated monthly, 

provides a set of filters that create 

the License View, which: 

* rolls up point releases and 
service packs 

* excludes titles with no license 
implication 

* ignores suite components when 
installed as part of the suite 

* identifies standalone suite 
components when installed 
outside of the suite 

* distinguishes between full and 
runtime editions. Actually, this 
is just part of the application 
view, or in other words, basic 
software inventory. It is also 
starting to distinguish eval/trial 
software from full product. 


Application Usage 
Compliance *plus* savings 


Another facet of compliance and 
software asset management is 
application usage trend analysis. 
With ZENworks Asset 
Management, application usage 
tracking occurs at the workstation 
level and captures the following 
information for both locally-run 
and server-run applications: 
* daily total run-time 
* daily active 

(foreground window) time 
* workstation 
* user 


Combined with the compliance 
status, this information provides 


another key perspective for 
decision making. For instance, in 
under-licensing scenarios, it may 
be possible to uninstall the 
applications from workstations 
where they have not been used 
for an extended period of time. 

ZENworks Asset Management 
not only enables tracking of suites 
at the suite level for license 
reconciliation, but also at the 
underlying component level to 
allow for usage analysis. This can 
be useful for determining if 
employees are using all 
components of the suite and if 
not, to implement a plan to 
provision them with a more limited 
suite edition. 
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product suites, manufacturers and serial numbers. With this level of 


accurate information, you can demonstrate your compliance status 
with confidence. 

ZENworks Asset Management includes an autoreconciliation fea- 
ture that attempts to match discovered products to purchased 
products using a number of text matching algorithms. You can also 
use the antareconciliacion process to create a set of licenses based on 
the normalized manufacturer and product names contained in the 
ZENworks Asset Management Knowledgebase. ZENworks Asset 
Management also has connectors to purchasing information from 
major software resellers such as SHI, SoftChoice and Software 
Spectrum. 

Once discovered, and after catalog products are linked to a com- 
mon. license, you get an immediate picture of over- and 
under licensed situations. The ZENworks Asset Management com- 
pliance report represents a near real-time view of potential risk and 
cost-savings scenarios because: 

* discovery data is constantly updated as scheduled inventories 
occur, and 

license quantities are updated as purchase records are imported. 


> Home—the Enforcement Zone 


Once the initial inventory and reconciliation is complete, the focus of 


the software manager should shift to enforcing policies and keeping 
the program current. The best way to ensure that your organization 
keeps the lid on illegal software is to tightly control the procurement 
and distribution process, and to maintain an automated inventory. 


Even software that comes in through legitimate channels can find its 
way onto more computers than intended if not controlled properly. 
Unfortunately, software also comes into organizations through the 
back door, and only through a vigilant inventory process will you 
know what is actually installed in your organization. 

Software managers should also look to the internal audit group for 
an independent review of policies and practices. This will not only 
allow the program to be fine tuned, but will also help prove diligence 
to external parties. 

Implementing a software compliance program is not necessarily 
easy, but following these steps and using the right tools can keep you 
on track and focused on the critical elements of the program. 


> Proven Technology—Accurate and Reliable 

The release of ZENworks Asset Management and its award-winning 
asset tracking and discovery tools provide unmatched accuracy for a 
true accounting of your hardware and software assets. ZENworks 
Asset Management reports on the full range of IT devices: servers and 
routers, desktops and handhelds—and the software running them. 
ZENworks Asset Management can scale to your environment— 
whether you have PCs at one location or all over the world. 

With powerful software usage and license tracking, ZENworks Asset 
Management will allow you to cut the costs associated with end-user 
support and reduce your legal exposure with simplified management of 
software license compliance. Combined with the strengths of the 
ZENworks 7 Suite, Novell is helping to ensure that your IT environ- 
ment is stable, secure and reliable — today and in the future. N 
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n today’s enterprise, downtime costs money, and a simple 
outage can result in hours of work and business lost. Fortunately for 
SUSE Linux users, Novell SUSE Linux Enterprise Server 9 contains 
Linux High Availability (HA) services. 

HA services are provided by a specialized set of applications that run 
ona SUSE Linux Enterprise Server 9 server. These programs commu- 
nicate with a redundant server (we'll call it a node) on the network, and 
initiate failover processes when the node becomes unavailable. HA 
services enables you to quickly and easily configure systems to provide 
automatic service redundancy in the case of a hardware failure. 

The heartbeat package provides HA services, and is relatively easy 
to configure and manage. In this article we'll discuss some of the 
advantages of HA services, and how to configure and test them. In 
particular, we'll set up a redundant node to take over serving Web 
pages when the main node fails. 


> Configuring the Hardware 

The basic premise behind using Linux HA services is that two nodes 
monitor each other and when the active node becomes unavailable, 
the passive one takes over. This monitoring is typically done using 
redundant connections, so even if the primary network goes down, 
the services don’t start failing over. 

In our example, we'll set up HA monitoring to use a NIC card 
(we'll use a crossover Ethernet cable to connect the two systems), and 
a null-modem cable connecting the serial ports of the two servers. 
(We can use the /dev/ttySo device to communicate between the two 
systems.) By providing two means of communications, we'll ensure 
that a single cable failure won't disrupt intranode communication and 
cause services to fail over. 

When configuring network interfaces, if at all possible, segregate 
your working network from the network you use for intranode com- 
munication. This helps to ensure that network issues, such as a 
problem with a switch or unusually heavy network load, won't trigger 
a service fail over. You minimize the points of failure by placing the 
two nodes on a separate, dedicated network. The best solution is to 
use a crossover Ethernet cable and a couple of NICs. Configure your 
network addresses as appropriate for a point to point network. 


> Prepare the Services 

HA-supported Services are started as part of the HA initialization 
process—not the normal system initialization. To ensure they aren't 
started twice, and more importantly, that they don’t start unless they 
are needed, remove the services from the normal system startup. The 
insserv -d apache2 command removes Apache (Web server) from 
the normal system initialization. Instead, Apache will be started by 
the HA services that we configure next. 
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> Installing the Heartbeat Packages 

HA services are provided by three heartbeat packages: 
* heartbeat 

+ heartbeat-stonith 

* heartbeat-pils 


These packages provide the base HA functionality. If you want to set 
up HA using YaST) use the yast2-heartbeat package because it 
has the YaST module you need to configure HA. 


> Configuring High Availability 

You can configure HA services using the SUSE Linux Enterprise 
Server 9 YaST GUI, which creates & modifies the configuration files 
in the /ete/ha.d directory. After you install the required packages, 
start YaST; and select the High Availability module from the System 
section. Or you can use the yast2 heartbeat command to start the 
module directly. 

Typically, you configure HA services to start when the system 
boots; this allows the system to recover automatically when a problem 
occurs and, optionally, reassert control over the redundant service. If 
HA services aren’t started, messaging between the two nodes won't 
occur and the services we’ve configured won't start. 

From the Start-up Configuration screen, select On under Booting. 
(SEE FiGERE 1.) Normally, you can start the HA services from this 
screen, but in this case we haven't yet configured the HA services. 
Select Next to configure HA services. After you've finished configur- 
ing the service, you can use the rcheartbeat start command (on 
both servers) to initiate HA services. 

HA services work between two nodes, so you need to specify the 
other node for this HA cluster. Later, when we configure redundant 


Small Expense, Big Returns 


You can couple HA with Distributed Replicated Block Devices (DRBD), 
which allow file system mirroring over a network, and allows redundant file 
systems as well as services. Coupled with MySQL or PostgreSQL 
clustering solutions, HA can provide clustered MySQL and 
PostgreSQL databases with High Availability. 

These solutions allow Linux systems to provide database, file and 
other services with a high degree of availability at a fairly low cost. So 
let your imagination wander. Using SUSE Linux Enterprise Server 9 
and its Linux High Availability services, you can put a HA solution into 
place without much expense that will pay off big when you have that 
eventual system failure. 


The basic premise behind using Linux HA services is that two nodes 
monitor each other and when the active node becomes unavailable, 
the passive one takes over. 


This monitoring is ioe eae using 


redundant connections, so even | 
the services don't stan 


services, make sure that the node names match the output of uname 
n exactly; HA services won't start unless the host name matches the 
configuration file exactly. (SEE FIGURE 2.) 

Once you've defined the hosts that will be used for the HA cluster, 
specify how they will communicate (the heartbeat). If you recall, 
we're using two methods: the /dev/ttySo (serial port with a null 
modem cable) and the network. While it’s possible to add more meth- 
ods (and later we'll see how we can add more checks to ensure systems 
are available), two are generally sufficient for most configurations. 
Select the media you'll use for communication and click Add. Keep 
adding media settings until you've added all of the settings you need. 
(SEE FIGURE 3.) 

To ensure that heartbeat messages are co-opted or forged, you can 
use an authentication key. Without a key, messages will be sent with a 
simple checksum to ensure they arrive intact, but without any special 
identification information. 

In this case, where our communication medium is a secure net 
work, a simple checksum is sufficient and less resource intensive; 


the Perey network goes down, 
failing over. 


however, when HA communication occurs over an insecure network, 
it is important to use a secret key (symmetric key). This key is the 
same on both nodes in the HA cluster and ensures that only valid HA 
messaging is recognized. 

The most secure, and most resource-intensive, mechanism to use is 
the SHA1 algorithm. Information you enter using that algorithm is 
stored in the /etc/ha.d/authkeys file. (You can always copy this file 
over an SSH connection to the standby system.) 


> Configuring Resources 
The most common HA applications involve configuring a failover IP 
address and a failover service. In the case of a failover IP address, when 
one system becomes unavailable, its partner system assumes its IP 
address. The HA system will automatically send out a gratuitous ARP 
packet, informing routers and switches that the IP address has a new 
owner. For multiple services, you can use multiple IP addresses; HA 
will activate the IP address automatically when the service fails over. 
When adding resources, associate cach resource with a primary 


Figure 1 Se/ect “On" but do not start the server yet because you 
must configure it first. 


Booting ee 
+) On -- Start Heartbeat Server Now and when Booting 
.” Off -- Server Only Starts Manually 


Se ee 


Switch On and Off 
Current Status: 


Heartbeat server is not running. 


Start Heartbeat Server Now 


Figure 2 Ensure that node names match the output of 
the "uname -n' command. 
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node— the node on which the service should normally be started. The 
HA system will initially start the services on the primary node. If the pri 
mary node for a service is down, the partner node will start the service. 

For this system to work properly, both systems should agree on the 
services and who needs to provide them. As a result, the resources 
should be identical on both nodes in the cluster. Resource informa- 
tion is stored in the /etc/ha.d/haresources file. This file must be 
identical on both nodes in the cluster and can be copied from one 
node to the other after you configure the first one. 

Resources listed as services are named after their system initializa- 
tion files, as found in the /ete/init.d directory. The HA system will 
start and stop these services using the start and stop arguments just 
as when the system first boots. In our example, the apache2 service will 
normally run on node dat and needs to be failed over to node daz if dat 
is unavailable, or in other words, is not sending out heartbeat packets. 

When listing IP addresses for failover, use the IP address as the 
name of the resource. The HA system will recognize the dotted deci 
mal notation automatically, and assume control of the IP address 
when a failover occurs. In this case, the 10.0.2.192 IP address needs 
to be failed over, so incoming HTTP requests can be redirected to the 
appropriate system when a failure occurs. 

If cither system has multiple network interfaces, the HA system will 
refer to the routing table and assign the IP address to an interface 
based on the lowest-cost route; typically, this is the default route. 
Remember, this requires no special network configuration, as long as 
the IP address listed is on the same subnet asa NIC card in the system. 

When a system becomes unavailable, the resources start in the 
order they are listed. This ensures that dependencies are met, if need- 
ed, when services are started. In our example, we need to assign the 
new IP address prior to starting Apache. Otherwise, Apache might 
not bind to the proper IP address. 

The inverse of this is also true: when you manually switch a service 
over to another node the services will be stopped and the IP address 


Figure 3 Set the media configuration based on your 
hardware configuration. 
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es will be released in reverse order. When adding/listing services for 
failover, ensure that the services are started and stopped in the prop- 
er order. (SEE FIGURE 4.) 

You might notice in our example, we placed the ownership of all 
services on dar. You can also assign some services to be owned by daz. 
This would allow you to use both dar and daz for normal network 
services, with each taking on the additional load of the other in the 
case of a failure. This type of scenario allows you to better use your 
hardware, since neither server will ever sit idle while still providing 
fault tolerance. 

When configuring resources, you must tell the HA system how to 
recover from failures. When a node becomes unavailable, its mate will 
start the necessary processes to ensure those services remain available; 
however, when a node, which was previously down, becomes available, 
the HA system must determine how to recover. 

Use the Automatic Failback option to configure this. With 
Automatic Failback turned off, services won't automatically switch 
back when a node returns to operation. Instead, the nodes remain 
in the post-failure state until someone resets them (by using the 
hb_standby command), or another failure occurs. If the setting 
is On, the primary node for a service will assume control of it when 
that system comes back online. 

In most situations, the Off setting is preferable, because it mini 
mizes service disruption, or the “hiccup” that occurs when services 
switch over. The Off setting also prevents services from switching 
back and forth when a system has a recurring problem. The Legacy 
setting is for backwards compatibility with older versions of the HA 
system and you typically don’t use it. 


> Configuring a STONITH Device 

When services fail over, the failover system must be certain that its 
peer is really down. ‘To ensure this, HA can communicate with a 
Shoot The- Other Node-In’The-Head (STONITH) device. 


Figure 4 Services must be listed on their primary node in the 
order they should be started. 
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in your migration by 
choosing the wrong data 
management technology. 


When you migrate, you may find yourself at a dead end if you’re not using the right data man- 
agement technology. Make it to your destination and make sure your migration path is 
smooth and secure with Syncsort Backup Express. 

You need to be assured that you can live up to your service level agreements (SLAs) both 
during and after the migration. You need to be especially certain that your disaster 
recovery/business continuity plan is not a roadblock. Syncsort Backup Express has top sup- 
port for both NetWare and Linux Open Enterprise Server environments. 


Backup Express: 
¢ Uniquely supports NetWare, Open Enterprise Server, Linux, and mixed 
clustered environments 
e Will restore NSS volumes to any OES platform — no need to keep legacy boxes! 
e Supports GroupWise on Open Enterprise Server for NetWare and Linux 


Get our free “Data Protection and DR Considera- 
tions If You Are Migrating to Linux-OES” checklist to 
further help guide you safely down the rocky migra- 
tion trail, and/or view our on-demand joint 
Novell/Syncsort Webinar: “Increasing Your Service 
Levels and DR Opportunities with Linux” at 


www.syncsort.com/nv36dab 
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Remember, a STONITH device doesn’t perform a graceful shutdown 
of a node, which could result in more data being written or 
additional delays in a failover. Rather, it interrupts all processes and 
immediately shuts down the server. 


A STONITH device ensures that a node is down, usually by cutting 
the power to the device using a software actuated switch. The HA 
system supports a wide range of STONITH devices, many of which it 
controls using the SNMP protocol. (SEE FIGURE 5.) 

Remember, a STONITH device doesn’t perform a graceful shut- 
down of a node, which could result in more data being written or 
additional delays in a failover. Rather, it interrupts all processes and 
immediately shuts down the server. 

If you use shared devices, such as a shared disk, make sure the active 
node is down before the passive node goes active; data corruption 
might occur if both systems try to read and write the same data. 
Several devices exist that provide STONITH operations for HA sys- 
tems. They are typically multiple-outlet power switches managed via 
SNMP over the network. 


> Starting & Verifying HA Services 
HA Services are started using the rcheartbeat start script and 
stopped using the rcheartbeat stop script. Typically, you start 


these services on the primary node for services first, and then the 
failover node. If they start on the failover node and the server doesn’t 
get any heartbeats, the failover node will start the services. 

Once started, you can find information about the status of HA 
services in the /var/log/ha-log log file; don’t forget to add a con- 
figuration file for this log to logrotate! You can include HA 
services in the system boot sequence using the insserv heart- 
beat command; you typically do this when you configure the HA 
system. 

Once HA services are started, the two nodes will communicate 
over the channel(s) you configured. Each node will determine the sta- 
tus of the other, and will start services based on the node status. 
Examining the log file on the primary node reveals that the primary 
node activated the IP address that we had allocated for the HA serv- 
ice, and then started the apache2 service. (SEE FIGURE 6.) The 
secondary node’s log file shows the node was placed in standby. In this 
case, it will continue to monitor messaging and heartbeats from the 
primary node to ensure the node is available. 


Figure 5 Configure a STONITH device to ensure that the two nodes 
never provide a service simultaneously, 
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Figure 6 The ha-log file shows the activation of the IP address 
and startup of redundant services 
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> Testing the Failover Services 
‘To verify proper operation of the service, you can perform a range of tests: To perform a manual 
failover, use the /usr/1ib/heartbeat/hb_standby command. This command lets the 
HA system know that the current node, or the one on which the command is executed, is going 
into standby mode. As a result, the other node in the cluster will assume control of the 
resources that were configured. 

In this case, let’s configure Apache on the two nodes with two different Web pages. When a 
failover occurs, you can press Reload in your browser to retrieve a new Web page from the other LEARN FROM THE INDUSTRY 


node in the cluster. 


To switch back, log on to the current active node and issue the hb_standby command LEADER IN OPEN SOURCE 
again. You can also issue the hb_takeover command from the non-active node causing it to TECHNOLOGIES 
‘ 


signal the active node and then take control of HA resources. 
If you've configured multiple resources, you can use the /usr/lib/heartbeat/ 


req resource command to request that a node take control of that resource. For example, 
perhaps “named” is a primary resource for dar and apachez is a primary resource for da2, you 
ean use the following command to take control of the apache2 resource again: 
/usr/lib/heartbeat/req resource apache2. 
That command migrates the specified resource, along with all other resources on the same 
configuration line of that resource, over to the node where the req_resource command 
was executed. This allows you to configure a pair of HA nodes so they can provide redun 
dancy for services running on each other. This lets you use hardware that might normally 
only be used as a hot standby device. 

The final test is to unplug your serial cable and crossover Ethernet cable and ensure that 
services switch over and the STONITH device powers down the failed node. 


> Advanced HA Features 

The HA features of Linux go far beyond the simple failover scenarios discussed herein. You 
can configure Heartbeat to perform a wide range of other operations that ensure your users 
always have reliable network services. N 


Fine Tuning Your Heartbeat | 
Depending on your needs for ailback disabled, since network 
service availability, you can fine outages can sometimes be 
une HA services by modifying the emporary. You can also configure 
/etc/ha.d/ha.cf file. Using different he ipfail module through the YaST 
| configuration parameters, you can heartbeat module. 
better control the frequency of With the heartbeat-Idirectord 
heartbeat messages, the delay package installed, HA can also 
before a failover occurs and other monitor the proper operation o 
related settings. You can find more network services. While standard 
information on this configuration HA solutions watch for heartbeat 
ile at www.linux-ha.org. messages, or network connectivity, el 
| HA can use the ipfail module to o fail over, the heartbeat-Idirectord : OPEN 
| monitor external IP connectivity. package contains scripts that can 
As long as the node can monitor additional ports and ed 
communicate with systems that services, for example, httpd, https ky ‘TECHNOLO GY 
exist on an external network, and ftp. If a monitored service (GROUP 
that node will remain active. If becomes unavailable, or returns 
ipfail detects that connectivity is data that was not expected, HA 
lost, it will cause a HA failover. This services can be triggered to 
type of watchdog allows the HA perform a failover. Such solutions | 
| aes to detect more than simply allow you to cause automatic www.otg-nc.com 
| an unavailable system. Using such failover of services in several 
a solution increases the scenarios ranging from Web server obs 877-258-8987 
importance of having automatic errors to hacked Web — TRAINING info@otg-nc.com 


* Additional education, government, 
and volume discounts available. 


Simple object Access Protocoy 


n the business world when you need answers or you want get 
to the bottom of a particularly difficult issue, a face-to-face meeting 
with your key players often gets the best results. It’s that direct eye 
contact and being able to watch someone's body language that helps 
you cut to the chase and get the information you need to make the 
right decisions that lead to success. 

Similarly, when it comes to getting a handle on what's going on in 
your GroupWise information stores, a direct approach can often 
enhance your efforts. No, I’m not saying that all your IT team meet- 
ings need to happen face to face. While that can be a good thing, I’m 
talking about the new Simple Object Access Protocol 
(SOAP)/XML-based Web service in Novell GroupWise 7 that 
enables you to directly access your GroupWise Post Office Agents 
programmatically, or through the back door using code. 


> The Scoop on SOAP 
The GroupWise Web Service enables direct client to Post Office 
Agent communication, allowing you to easily see, use and manipulate 
data in users’ mailboxes. While the GroupWise Object API provides 
this same functionality, it uses a Component Object Model (COM) 
interface, which means that it’s only available on Windows. Asa stan 
dards-based solution that utilizes SOAP. the GroupWise Web Service 
facilitates cross-platform development. Furthermore, because the 
GroupWise Web Service is a server-side interface, it makes it ideal for 
multithreaded, high-performance server applications. 
The goal of SOAP is to provide programs an easy way to com. 
municate with each other using XML. It was developed by the 
XML Protocol Working Group as part of the WC3 Web Services 
Activity. (WC3 stands for the World Wide Web Consortium, 
which defines and develops specifications, guidelines, software and 
tools for the Web.) 
SOAP is defined as a lightweight XML-based protocol for the 
exchange of information in decentralized, distributed environments. 
The SOAP protocol consists of three main parts: 
a SOAP envelope that defines a framework for describing what is 
in a message and how to process it 
* SOAP-encoding rules that define a serialization mechanism that 
can be used for expressing instances of application-defined data 
types 

* aSOAP RPC convention for representing remote procedure calls 
and responses 


Essentially, SOAP, XML and HTTP work together to enable and 
facilitate communication between Web services and service 
requesters, independent of platform. HTTP is the transport. SOAP 
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is the container. XML is the data. It’s through this SOAP. XML and 
HTTP combination that GroupWise 7 enables and facilitates plat 
form-independent communication between service requesters and 
the GroupWise Web Service. 

GroupWise has SOAP listeners that you can enable on your differ 
ent GroupWise Post Office Agents. When enabled, the GroupWise 
Web Service, or SOAP listens for requests from SOAP clients. These 
requests provide the means for SOAP clients to access client data 
stored in GroupWise Post Office Agents. These requests can include 
login to a user's mailbox; getting address books and address book 
items; getting the folder list; and accessing proxy, shared folders and 
other client actions. 


> An Open Heart 

While the heart of the GroupWise Web Service is the industry stan 
dards that it leverages HTTP. XML, SOAP and Web Services 
Description Language (WSDL) —it’s the GroupWise use of WSDL 
that makes it so easy for administrators and third-party developers to 
take advantage of this new Web service interface for GroupWise. 

As its name suggests, WSDL is a language used to describe a Web 
service. It is currently in the WC3 proposal stage, but it seems to 
have already been adopted as an industry standard for reducing the 
time it takes for developers to create SOAP/XML service requester 
applications. 

A WSDL document is an XML file that has three functions. It: 

* describes what operations a Web service can perform 


Listening In 


In addition to letting you access the data in your Post Office Agents, the 
GroupWise Web Service also lets you listen for events that occur there. 
GroupWise uses event records to track event data on a user-by-user 
basis. Event records are stored in each user's individual database. 
SOAP clients can register with the GroupWise Web Service so they are 
notified when certain events occur. In other words, by using individual 
user keys, you can be notified when events related to a certain user 
occur. You can register for notification on specific events, as well as for 
events that take place within a certain time. 

For example, you can create an application that notifies you when 
certain items are deleted from a user’s mailbox. Now that you 
know how to listen for GroupWise events, you can create 
powerful and efficient applications that eliminate your laborious 
task of regularly dredging the mailbox for information, and 
looking for changes during periodic comparison checks. 


* tells how to talk to the Web service 
+ shows the methods that a Web service exposes. 


You can leverage this capability with the GroupWise WSDL and 
GroupWise Web Service if you use an IDE or application framework 
that can compile a WSDL and schema into its Web Service library. 
Think of it like this: WSDL is to Web services what h files are to 
C++. If you want to help someone understand how to use your C++ 


First, make sure you have the following basics: 

+ GroupWise 7 or later 

- an Integrated Development Environment (IDE) framework that 
supports Web services such as Java, .Net, Mono (open source 
implementation of .Net on Linux), or SOAP 

+ Java developers can choose from a variety of implementations or 
frameworks, including Sun’s Web Services Developer Pack with 
NetBeans IDE 4.1 or later and J2SEs.o or later. 


Fact: WSDL is the cornerstone of the Universal Description, 
Discovery and as y= (UDDI) initiative spearheaded 
y Microsoft, IBM and Ariba. 


classes, you give them your -h files. Even though they might not have 
your implementation, they can interface with it because they have 
your class declarations. A WSDL document likewise gives you the 
information your applications need to understand and use a particular 
Web service. So referring to the three functions just stated, the 
GroupWise WSDL a) describes what operations the GroupWise 
Web Service can perform, b) tells how to talk to the GroupWise Web 
Service, and c) shows you the methods that the GroupWise Web 
Service exposes. 

In short, the GroupWise WSDL makes it easy for you to use the 
GroupWise Web Service to get to and manage the data in your users’ 
mailboxes. Its goal is to eliminate the need for you to understand or 
deal with the complexities of XML, SOAP and HTTP as you take 
advantage of the GroupWise Web Service. 


> Before You Start 
Before you can start developing your own SOAP GroupWise service 
requester or client, you need to take care of a few housekeeping items. 


+ Net developers can use Microsoft .Net 2003 or later. 
* GroupWise Web Service (SOAP) Novell Developer Kit 
(developer novell. com/ndk/gwsoap.htm) 


> Let’s Get Going 

Now, complete the following steps: 

| Review the materials in the GroupWise Web Service (SOAP) 
Novell Developer Kit. Start with the readme. 1st file. It provides 
brief overviews and the locations of key documents and files con- 
tained in the Novell Developer Kit, including additional readme 
files, SDK documentation, schemas and more. 

2 Java developers need to read the readmeJava.sxw file and .Net 
developers should read the readmeMSNETsxw file to get specific 
information on setting up the development frameworks to work 
with GroupWise WSDL. 

3 Enable SOAP on your GroupWise Post Office Agent from 
ConsoleOne: select the desired Post Office Agent, select Agent 
Setting from the Group Wise tab, and mark Enable SOAP. 


Figure 1 You can enable the SOAP listener on 
from within the Agent Setting under the Grov 


Properties of POA 
| nes eos + | Other | Rights to Files and Folders 


Al 


— 
[84 


1024 34 
2048 3 


F Enable TCPAP (for Client/Server) 
TCP Handler Threads; 

Max Physical Connections: 

Max App Connections: 

Enable Caching 

CPU Lititzation (NetWare). [85 | percent 
Delay Time (NetWare): [¥00 -$ mitiseconds 
Mex Thread Usage for Priming and Moves: [20 -${ percent 

> Enable imap 
Max IMAP Threads: 
¥ Enable SOAP 
Max SOAP Threads: 


50 24 


T™ Disable Administration Task Processing 
[7 Enable SNMP 


CRRA nner ve WA ll cane 


WSDL into a .Net framework 


in Solution Explorer 


Figure 2 Jo import the GroupWi 
add it as a Web Reference from v 


Nevigels to a web service URL (asmx or wad!) and click Add Reference to add ail the avoilable services found ot that URL. 
o © ofa 


_ ai ~~ CC] 
Start Browsing for Web Services _ 


Ute this page at a starting point to Hed Web services. You can click the link below, oF type a known URL into the 
addrant bar 


Web gerices found at this URL 


Browse tor 
© vob anrvicas on the local machine 


© Wrowse UPI Servers on the local networks 
Quary your local network For LOOT server. 


@ WOO! Directory =| 
Query the UOOI burrs regntry lo ind companies and production Web service, 
© Test tcrosoft UDDI Directory Wer lerencl hun 
Locate ett Wab servees to te during development. ar ee 
Add Reterence | 


a ae 


ca 


novell.com/connectionmagazine 31 


Fact: HTTP requests are usually allowed through firewalls; 
programs using SOAP to communicate can communicate with programs anywhere. 
Ariba, Commerce One, Compaq, Developmentor, HP, IBM, IO A, Lotus, 
Microsoft, SAP and UserLand proposed the SOAP Internet protocol to the W3C in May 2000. 


(SEE FIGURE I.) You can also enable SOAP through the com schemas types.xsd and methods.xsd are in the same directory as 
mand line or a configuration file. groupwise.wsdl. 
5 Name the Web Reference. 
> Have It Your Way 
The Novell Developer Kit for the GroupWise Web Service (SOAP) — To import the GroupWise WSDL into a Java framework do the 
contains the GroupWise WSDL and schema files for Java, Microsoft following: 
-Net and other development frameworks. So whether you work in 1 From within the NetBeans IDE, select File Open Project and 


Java, Mono, .Net, or another framework, if you want to use open the project directory at /netbeans/javaClient. 

GroupWise WSDL, it’s a simple matter of importing the GroupWise 2A dialog box will likely appear informing you that your project is 

WSDL document into your framework environment. not set up correctly. The following steps tell you how to resolve 
To import the GroupWise WSDL into a .NET framework (using the problems: 

Visual Basic), do the following: A Click the JavaClient project and select Resolve Reference 

1 Select New/|Project from within your .Net framework. Problems. 

2 Select Visual Basic as your development language. b When the Resolve Reference Problem appears, highlight 

3 Open Solution Explorer and click on the project name. “GWWS library could not be found” and click Resolve. 

+ Select Add Web Reference and then enter the location of the © Select “New Library” and name it GWWS. 
groupwise.wsdl file. (Sib FIGURE 2.) Ensure that the XML pb Add the GroupWise WSDL library to your newly created 


Cut and Paste 
The following Java code gets a folder list for a GroupWise user's mailbox: 


// The views are the XML elements or fields that the POA will return 
String view = new String(“name folderType”); 


// Create a response object 
m_folderListResponse = new GetFolderListResponse(); 


// Call the POA to get the folder list 

// 1st parameter: “folders” means to get all the folders from the root of the mailbox 

// 2nd parameter: elements to return in the response 

// 3rd parameter: return all the folders in the mailbox 

// 4th parameter: return imap folders 

// 5th parameter: return nntp folders 

// 6th parameter: session id 

m_folderListResponse = m_main.getGWService().getFolderListRequest(”folders”, view, true, false, false, 
m_main.getSessionId()); 


// The response will have the folders. If there is not a problem, the return code will be 0 
if (m_folderListResponse.getStatus().getCode() == 0 ) 
{ 


// Success getting folder list 
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Whether you’re working with a Java or .Net framework, 
you should review the Developer Kit’s readme files specific 
to your environment for setup and configuration details. 


library: select the Classpath tab and click Add JAR/ Folder. 
Then highlight the /wsdl dist lib/gwws.jar file and click OK, 
(SEE FIGURE 3.) 

& On both the Sources and JavaDoc tabs, add the directory 
wsdl java/build/sre. At this point, a dialog will show that 
GWWS has been resolved, but it might also show that JWSDP 
still needs to be resolved. This means you need to add the Java 
Web Services Developer Pack jar files into your development 
environment. To do this, create a new library for it in much the 
same way you did for the GroupWise WSDL. You can find the 
details for this process in the readmeJava.sxw file in the Novell 
Developer Kit. 


> Digging In 
When you import the GroupWise WSDL into your development 
framework, it automatically generates a GroupWise Web Service 
library that allows you to easily make calls directly to the Post Office 
Agent. For example, if you want to log in to GroupWise, simply use 
the local “login” method and objects that have been created by the 
framework’s WSDL compiler. You don’t have to deal with the under- 
lying details of working with SOAP, packaging XML documents, 
parsing XML or using HTTP. Once the GroupWise WSDL docu- 
ment is imported into your framework, those details are taken care of 
by your application framework. 

To see how the GroupWise WSDL simplifies your development 
efforts in interfacing with the GroupWise Web Service, see Cut 
and Paste. 


The Novell Developer Kit contains even more extensive sample pro- 
grams for using GroupWise WSDL methods for things such as 
logging into the GroupWise Web Service, and getting folder lists and 
mailbox items. In addition to sample code, the Developer Kit con- 
tains PDF documentation files on the methods and objects for the 
GroupWise SOAP protocols and GroupWise Events. The developer 
kit also provides the XML schemas that help you understand what 
methods can be used on the GroupWise Post Office Agents as well as 
show you what objects Group Wise expects for certain methods. 

Even though the goal of GroupWise WSDL is to make it easier to 
create programs that directly access Post Office Agents, you don’t 
have to use the WSDL. If you're proficient with XML, SOAP and 
HTTP. you can do all the underlying low-level programming your 
self, Just stick to the schemas provided in the Developer Kit. It will 
take more work on your part, but it might give you a little more con- 
trol or flexibility to accomplish what you want. 


> Cut to the Chase 

By allowing you to interact directly with Post Office Agents, the 
GroupWise Web Service enables you to easily and quickly create 
cross-platform solutions that make it simple for administrators and 
developers to view, manage and manipulate the information stored in 
users’ mailboxes. You can create custom applications that, from out- 
side of GroupWise, can retrieve folder lists, do busy searches, manage 
proxy rights, generate reports, view items, deal with junk mail or a 
variety of other tasks that extend an administrator's capabilities. 

No matter what you want to do, the bottom line is that the Novell 
GroupWise Web Service gives you a new option for getting direct access 
to the data stored in your users’ mailboxes. It uses industry standards to 
simplify development efforts, reduce development time and provide 
cross-platform support. But best of all, it let's you programmatically cut 
to the chase, bringing you face to face with the mailbox information you 
need to solve your problems and produce the results you want. N 
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Other Helps 


One of the particularly easy-to- 

use helps in the Developer Kit 

is a javadocs API document ° 
file called index-all.htm located 

in the folder 


and details for each 
Annotation Type. 

Enum provides a separate 
page for each Enum with 
sections for declarations, 
/Java/netbeans/wsdl/build/src/. descriptions, constant 

It gives details on the summaries and constant details. 
| GroupWise Web Services * Tree (Class Hierarchy) 
libraries, constructors, fields contains a Class Hierarchy 
and methods. The javadocs file page for all packages, plus a 
has several sections: hierarchy for each package. 
Each hierarchy page contains 
a list of classes and a list of 
interfaces. 

Index contains an alphabetic 
list of all classes, interfaces, 
constructors, methods and 
fields. 

Serialized Form each 
serializable or externalizable 
class has a description of its 
serialization fields and 
methods. This information 
would be of interest to re- 


* Package provides a list of 
classes and interfaces for each 
package, with a summary for ° 
each package. It also includes 
categories for Enums, 
Exceptions, Errors and 
Annotation Types. ° 
* Class/Interface provides 
class/interface descriptions, 
summary tables and detailed 
member descriptions for each 
class, interface, nested class 
and nested interface. implementors, not developers 
* Annotation Type includes using the API. 
declarations, descriptions, * Constant Field Values lists 
required element summaries, the static final fields and 
optional element summaries their values. 
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By Phil Karren and Kari Woolf 


Sroupw ise: You Are Now Free to Roam About the Country—Any eo Memos, Rolodexes, 
the desktop calendar and meeting around the water cooler are all yesterday's tools of office collaboration. 
_ With the arrival of e-mail and integrated collaboration applications, the paradigm has dramatically shifted. 
E-mail, electronic address books, appointments, tasks and instant messaging are now the norm for business and 
personal communication alike. And these applications are among the most-used software on virtually any desktop. 
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emos, Rolodexes, the desktop calendar and 

meeting around the water cooler are all yesterday's tools of office col- 
laboration. With the arrival of e-mail and integrated collaboration 
applications, the paradigm has dramatically shifted. E-mail, electronic 
address books, appointments, tasks and instant messaging are now the 
norm for business and personal communication alike. And these appli 
cations are among the most-used software on virtually any desktop. 

Novell GroupWise has been at the forefront of this digital trend 
with a secure, reliable and adaptable collaboration solution, and 
Novell has provided a steady stream of innovation to meet the needs 
of enterprises striving to enhance knowledge worker productivity. 
Now Novell is stepping up to meet the latest requirement in work 
group collaboration—wireless synchronization. 


> A World Gone Wireless 

According to a recent analyst report, the mobile worker population 
will increase from more than 650 million worldwide in 2004 to more 
than 850 million in 2009 (Source: ide.com getdoc.jsp*container Id=34124). 
That’s more than one-quarter of the global professional workforce. 
And the number of those workers accessing wireless e-mail is pre. 
dicted to grow from 6.5 million in 2005 to 123 million by 2009. For 
the administrator, this means going well beyond supporting a few 
wireless devices for executives. Sales personnel, floor managers, 
onsite service specialists, and even your average knowledge worker 
needs access to e-mail and other business-critical data anytime, 
anywhere. Novell GroupWise 7 helps IT managers meet this grow- 
ing demand. 


> It’s All About Choice 

You've seen them in airports, doctor’s waiting rooms—and even in 
the grocery checkout line: people with wireless devices that don’t let 
location get in the way of what needs to be done; and they're doing 
a lot more than just talking on a cell phone. Today’s mobile profes- 
sionals are boosting productivity with smart phones— devices that 
give them access to e-mail, appointments, attachments, Internet 
data, real-time news flashes—even information from corporate 
databases and applications. 

These smart devices are the lifeblood of every mobile professional 
and “home base” for many of the users you support. But the users 
themselves...well, they're definitely not all the same. BlackBerry users 
love their BlackBerry devices. Treo users love their Treos. In fact, if 
your enterprise is like most, you support a variety of wireless devices. 
In the wireless world, as in many others, choice is everything. So 
Novell has set out to offer the best and widest array of wireless syn- 
chronization solutions in the market. 
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If you have users on BlackBerry devices, Research In Motion (RIM) 
offers support through a strong partnership with Novell and stellar 
integration between GroupWise and the BlackBerry Enterprise 
Server (BES pronounced bez). If you have users on Palm Treos, HP 
iPAQ Pocket PCs, Nokia, Motorola or virtually any other device, 
integrated support will be provided in an upcoming GroupWise 7 
enhancement pack through the Novell partnership with Intellisyne. 

For more information on both of these solutions, read on. You'll 
find all the information you need to support your wireless needs 
whatever combination of devices you're using. 


Supporting BlackBerry Devices with BlackBerry 
Enterprise Server for Novell GroupWise 

BlackBerry devices are the most popular mobile devices in the mar 
ket; Gartner Group confirms RIM's leadership in their recent Magic 
Quadrants for Wireless E-mail (July 2004 and October 2005). As of 
November 26, 2005, RIM had more than 4.3 million subscribers. As 
some IT’ managers will tell you, BlackBerry users are “addicted.” 
BlackBerry is also a global solution, with more than 150 wireless car- 
riers selling BlackBerry devices and software in more than 60 
countries around the world. Additionally, 60 percent of companies 
running BlackBerry Enterprise Server have already begun to deploy 
applications beyond e-mail, including SAP. Siebel, SalesForce.com 
and Remedy, to their mobile workforce. 

Many of those BlackBerry-packing professionals are using them 
to get GroupWise information while on the move. In fact, thou- 
sands of installations already exist of BES for Novell 
GroupWise — the software that keeps all those BlackBerry devices 
synced up. That’s why RIM and Novell have worked together to 
ensure that BES for Novell GroupWise keeps these users as pro- 
ductive as possible. A number of joint customers throughout the 
world are leveraging the benefits of this Novell/RIM partnership, 
including Trico Products and Central Washington University in 
the United States and Holmenkol in Europe. (Read the success sto 
ries for these companies online at xovell.com/success.) These and 
many other customers rely on GroupWise and BES —a combina 
tion one IT manager refers to as “an e-mail workhorse” — to get 
the job done. 

And with RIM’s BlackBerry Connect initiative, devices featuring 
BlackBerry push delivery technology will connect to BES for Novell 
Group Wise, providing added device choice for BlackBerry users. 


> User Features 
The BlackBerry push-based solution lets you see all of your 
Group Wise e-mail and instant messages on your devices. E-mail mes- 


In the wireless world, as in many others, choice is everything. So Novell has set out to 
offer the best and widest array of wireless synchronization solutions in the market. 


sage status is checked and updated frequently, so the Inbox on your 
BlackBerry stays current. In fact, IT managers confirm that BES syn 

chronizes e-mail and Personal Information Management (PIM) data 
24 hours a day, as long asa wircless signal is available. In addition, users 
can view many different kinds of attachments including MS Office, 
Adobe PDF, plain text and graphic formats such as JPG, BMP, GIF, 
PNG and TIFF. 

PIM data, such as appointments, contacts, memos and tasks, are 
also synced between GroupWise and BlackBerry devices. You can 
accept or decline appointments, with or without comments, and get 
conflict notifications from your devices. In addition, you can use the 
remote address lookup feature to find GroupWise users in the system 
address book and add them as recipients for e-mails and meeting 
requests or add them as contacts in the device address book. 

Anyone can activate their own device wirelessly, so there’s no need 
to cradle the BlackBerry to a computer to set it up or keep it in syne. 
All you have to do is make sure your carrier has enabled the 


BlackBerry voice and data plan, and then enter your e-mail address 
and activation password. 


> On the Back End 

Installation of the BES server runs smoothly: it’s as easy as selecting 
the default settings. The BES requires Windows Server 2000 or 2003 
and communicates with Group Wise as a trusted application using the 
Object API. 

Installed behind the firewall, BES securely synes e-mail, instant 
messages, appointments, contacts, memos and tasks with BlackBerry 
devices through the Internet, RIM’s Network Operation Center 
(NOC) or over any supported carrier network using one of several 
wireless technologies: 

» GSM/GPRS/EDGE 
» CDMA/EVDO 

* iDEN 

+ Mobitex. 


Figure 1 Provisioning and maintaining users IS easy. Lookups are 
done on the corporate address book to add users. You can also create and 
manage groups with the BlackBerry Manager. 
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Figure 2 The simple user interface of BlackBerry Manager makes it easy to 
deploy new applications, troubleshoot device settings, manage mobile device 
policies and even wipe the BlackBerry clean of data if the device is lost 
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You can also set up communication with WiFi-enabled BlackBerry 
devices over your company’s wireless 802.11b LAN. 

Provisioning and maintaining users is also simple. (S11) }GURI I.) 
Lookups are done on the corporate address book to add users. The 
simple user interface of BlackBerry Manager makes it easy to deploy 
new applications, troubleshoot device settings, manage mobile device 
policies and even wipe the BlackBerry clean of data if the device is 
lost. (SEL FIGURE 2.) IT managers love RIM’s solutions because of 
the overall ease of management. In fact, BlackBerry has the lowest 
TCO of any “mobile middleware solution,” according to Scotia 
Capital (Source: Equity Research: Daily Edge, August 17, 2005). 


> Security with BlackBerry 

BlackBerry was designed from its inception to provide end-to-end 
secure data communications between the server and BlackBerry 
devices. In fact, the digital security consulting firm @stake Inc. 
reviewed the BlackBerry security model and concluded that it “pro 
vides the necessary confidentiality, integrity and authentication” for 
wireless communications. 

All wireless collaboration data is protected using 256-bit Advanced 
Eneryption Standard, or AES (part of the U.S. National Institute of 
Standards (NIST) Federal Information Processing Standards 
Publication 140 (FIPS 140-2) developed for U.S. government non- 
military agencies and contractors). BlackBerry devices are FIPS 
140-2 certified. Application data is secured using a combination of 
AES and HTTPS in either proxy mode or end-to-end mode. 

You can set password policies to make password authentication 
mandatory for all users. By default, after 10 failed login attempts, all 
data on the BlackBerry is destroyed. 

For their convenience, users can keep their own Web site and other 
passwords on the device itself using the Password Keeper. These pass- 
words are also secured using AES. 

At startup, the server initiates an authenticated, outbound connec- 


Figure 3 The GroupWise Mobile Server syncs collaborative information from 
server to the mobile device, and from the mobile device to the server 
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Intellisync Facts At-a-Glance 


Intellisync was recently awarded Frost & Sullivan's 2005 Mobile Software 
Product Innovation award, and also named as a challenger in Gartner's 
most recent Magic Quadrants for Enterprise Wireless E-mail. Here are a 
few stats about the company 
* in business since 1993 
* 400 employees worldwide 
* 4500+ customers, including virtually all of the 

Fortune 1,000 
* 20 million+ users 
* 300 partners, including major carriers, hardware 

makers and software companies. 


tion through the company firewall using IP port 3101. In addition, 
only communications that can be encrypted and decrypted with a 
valid key are permitted between the server and the devices on the 
wireless network. 

Finally, administrators love the security support for lost or stolen 
devices. When a user loses a device, you can lock the device, change 
the password or set the text on the device display. If a user’s device 
is stolen, it’s quick and easy to wipe out all the application data on 
the device. 


> Application Integration 

The BlackBerry Mobile Data System is a framework of developer 
tools, administrative services and BlackBerry device software that 
enables you to deploy enterprise and other applications to mobile 
users. It simplifies and speeds wireless application development and 
deployment by providing developers and IT professionals with a 
choice of tools that meet their requirements, skills and experience. It 
uses the same proven BlackBerry push delivery model and the 
advanced security features leveraged by BlackBerry e-mail. 


Wireless Support With GroupWise Mobile Server, 
Powered by Intellisync 
Although BlackBerry is a popular device in the mobile marketplace, 
it’s not the only one. In fact, the market is diverse, made up of many 
hardware and software vendors that provide a broad range of choice 
for consumers. For most of these other devices, 400 of them in fact, 
Novell will provide the GroupWise Mobile Server, powered by 
Intellisyne. Supporting these devices is not optional for GroupWise 
users and managers— it’s a necessity. 

Unlike the personal computer, which quickly converged on operat- 
ing environment software from a single vendor, mobile devices are 
based on several different environments including Symbian, PalmOS, 


Java, BREW, SyncML and Windows Mobile. Hardware vendors 
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Research in Motion RIM Facts At-a-Glance 


Gartner Group recently placed RIM in their Magic Quadrants for 

Wireless E-mail (July 2004 and October 2005) 

* more than 4.3 million subscribers 

* more than 150 wireless carriers 

* software in more than 60 countries 

* 60 percent of companies running BlackBerry Enterprise Server have 
already begun-to- deploy applications: beyond e-mail including SAP 
Siebel, SalesForce.com and Remedy to their mobile workforce. 
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include Palm, Nokia, Sony-Ericsson, Motorola, HP, LG, Samsung, 
Siemens, Sharp, Kyocera and many others. Form factors also vary 
widely, ranging from small phones to PDA-like handhelds to tablet 
PCs. GroupWise Mobile Server, powered by Intellisyne, supports all 
of these vendors and more, and does it with a consistent look and feel 
across all of these platforms. 

To develop the essential collaborative function of syncing with 
the broad set of mobile handhelds available, Novell chose to partner 
with Intellisyne because of its tradition of innovation, depth of 
experience, deep set of customers, rock-solid security and rich set of 
software and hardware partners. (For more details, see /ntellisync 
Facts At-a-Glance.) 

When the GroupWise Mobile Server is released, GroupWise 7 
customers on maintenance or upgrade protection will be able to 
download it free of charge. Customers who purchase GroupWise with 
maintenance or upgrade protection after the enhancement pack is 
released will also get the GroupWise Mobile Server. Either way, it 
means you'll be able to provide your users with e-mail, appointments, 
tasks and notes from almost anywhere. This significant development 
has excited customers and partners across the world. Pierre Lams, 
founder of Handheld PCs, Ltd., a systems integrator in the United 
Kingdom, says that one of his large GroupWise customers was 
“delighted to hear about Novell’s partnership with Intellisyne.” 


> User Features 

Support for mobile e-mail includes meeting requests, attachments, 
folder access, header size control, signatures, attachment filtering and 
more. You can syne calendars, create meetings and handle recurring 
meetings. Contacts and tasks also work flawlessly. 

In addition, you can see almost any kind of attachment including 
MS Office, PDE, plain text and graphic formats including JPG, BMP, 
GIF, PNG and TIFE You can even zoom, pan and rotate images. 

All client software is downloaded from the GroupWise Mobile 
Server through a wireless carrier of your choice, or over WiFi, so 
there’s no need to cradle the handheld to set it up. But you can still 
syne it with a cradle, as long as the PC is connected to the Internet. 


> On the Back End 

The server syncs collaborative information from the mobile device to 
the server, and from the server to the mobile device. (SEE FIGURE 3.) 
The server runs on Windows 2003. (Intellisync and Novell are work- 
ing together to port the server to SUSE Linux Enterprise Server. 
Support for this platform will be available later.) 

You can synchronize information over the wireless carrier of your 
choice, or over WiFi. In most cases, you'll deploy the server inside the 
DMZ, communicating with mobile devices over the wireless Internet 
using HTTP or HTTPS. You don’t need a Network Operation 
Center (NOC) at the carrier. 

GroupWise Mobile Server requires GroupWise 7 Service Pack 1 
(SP) or later to work, and communicates with Group Wise using the 
Simple Object Access Protocol (SOAP) interface. SOAP began ship- 
ping with GroupWise 7 in August, 2005. (In addition to enabling 
GroupWise to work with the GroupWise Mobile Server, SP1 
includes iCal support, a low-bandwidth WebAccess option, Global 
Signatures, Shared Contacts for the Outlook Connector, [Pv6 sup 
port for the Instant Messenger, and an enhanced GroupWise 
Monitor for SUSE Linux.) 

One feature of Intellisyne’s technology is “push” support for syn- 
chronization of e-mail, appointments, contacts and tasks. When you 
enable the push technology, the server pushes data to the mobile 
handhelds as soon as it arrives in the user’s Inbox; the handheld does- 


n't have to poll the server at regular intervals for new information. 

Administration options include Inbox and Outbox settings regard- 
ing truncation lengths; whether to get attachments automatically, and 
if so what kinds; whether to remove old e-mails from the user’s device 
(for example, anything over 7 days); and what sorts of devices to sup 
port (for example, PalmOS, Pocket PC, Symbian and so on). 


> Secure Mobile Communications 

You can choose from three encryption standards to ensure secure 

communication between the mobile device and the GroupWise 

Mobile Server: 

- Triple Data Encryption Standard (DES), a 12-bit encryption 
scheme that uses three 56-bit keys 

+ Advanced Encryption Standard (AES), sometimes referred to as 
Rijndael, a block cipher standard with 128-bit keys 

* Secure Sockets Layer (SSL). 


Both Triple DES and AES are approved with the same FIPS 140-2 
certification as the BlackBerry solution mentioned previously. All 
key exchanges are based on the Diffie-Hellman exchange protocol. 
You can also syne with no encryption at all if you don’t require 
secure communications. 

Passwords are never stored on the mobile device, but for user con- 
venience, authentication credentials can be stored there, if you 
choose. You can also enforce a power-on password, and if configured, 
include an optional reauthentication after periods of inactivity. 

GroupWise Mobile Server does not create any inbound-initiated 
connections to the corporate firewall and uses packet-level filtering to 
ensure the data and sender are valid. 

Besides making sure corporate data is secure while synchronizing, 
the GroupWise Mobile Server also has a “kill pill” to remotely deac- 
tivate devices and destroy data when a user leaves a device behind in 
an airport, taxi or anywhere else. 


> Application Integration 

In addition to syncing with mobile devices, GroupWise Mobile 
Server will provide the foundation for syncing between GroupWise 
and many different enterprise applications. Intellisync supports 
appointment, contact and task syncs with Siebel, Oracle, PeopleSoft, 
SalesLogix, Salesforce.com, Intuit, McKesson, Pivotal and others. 
Although Novell won't automatically support all of these applications 
syncing with GroupWise right out of the gate, the GroupWise team 
is working with Novell Consulting, Intellisync and others to identify 
applications to be supported. 


Wireless Your Way 
GroupWise is widely known as the most secure, reliable and adaptable 
collaboration product on the market. Security and reliability are obvi- 
ous concepts, but what do you really need on the adaptability front? 
The freedom to support user productivity and business goals— 
whether that means running on Linux, Windows or a mix of 
platforms—and any combination of wireless devices you choose. 
With its broad focus on wireless synchronization, Novell has set 
out to provide exactly this level of adaptability. BES v4.0 for 
GroupWise is a great choice for connecting GroupWise to the most 
popular set of mobile devices in North America (and growing fast 
everywhere else). And with the release of GroupWise Mobile Server, 
powered by Intellisyne, users with mobile devices of almost any flavor 
will be able to collaborate anywhere, anytime. Whatever your wireless 
needs, Group Wise has the technology, partnerships and commitment, 
and delivers the best and broadest wireless support in the industry. N 
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Novell openSUSE org Promotes the Use of Linux Everywhere 
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ovell has done it again! It has further enhanced its 
support for, and commitment to, Linux and the open source move- 
ment by sponsoring a new project: openSUSE. The most visible 
manifestation of this support is the new Web site: openSUSE.org. 

You'll find a great deal of information related to SUSE and open 

source on this site. Not only will you find documentation and other 

links, but this is also where betas and development releases are post- 
ed. You can also report bugs through the Bugzilla database, 
participate as a developer and much more. 

The openSUSE project was created to promote the use of Linux 
everywhere by providing free access to SUSE Linux, the most usable 
distribution of Linux on the market today. According to Novell, the 
goals of this project are three-fold: 
| Make SUSE Linux the easiest Linux distribution for anyone to 

obtain and the most widely used open source platform. 

2 Provide an environment for open source collaboration that makes 
SUSE Linux the world’s best Linux distribution for new and 
experienced Linux users. 

3 Dramatically simplify and open the development and packaging 
process to make SUSE Linux the platform of choice for Linux 
hackers and application developers. 


This isn’t just a movement aimed at those who stay up until the wee 
hours of the morning digesting source code. Everyone in the Linux 
community, regardless of their prior knowledge, is encouraged to par- 
ticipate in some capacity in the project and there are many ways to do 
so as outlined at opensuse.org/how_to_ participate. (SUE FIGURY. 1) 

Among them is a great need for those who are simply willing to test 
SUSE Linux and report problems; the greater the number of testers, 
the more stable and bug free the final build will be. Help is also need- 
ed to improve or localize the site, develop patches and packages, 
suggest new software to be included with the operating system, write 
documentation, and help other users. 

In an interview with Greg Mancusi-Ungaro, Novell director of 
marketing for Linux and open source, he said, “We're moving from a 
closed model where the code was tested in-house, to a completely 
open and transparent model,” that is open to all input. Every voice in 
the Linux community now has the ability to use the software as it is 
being developed, help comment on it and refine it through each phase 
of the process. 

On the openSUSE Web site, you can find links to upcoming events, 
news and project milestones. The events include those for Novell as 
well as those for Linux in general, as the company continues to move 
from a proprietary model to more of a portal-based one. 

Novell will continue to package and sell SUSE Linux to users who 
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would rather have a physical product in their hands than download 
from the Web. In addition to the physical box and media, the retail 
product will differ in that it will have printed copies of the manuals, 
include support and whatever commercial software is to be included 
along with the operating system. 

That last item is very important, and you should note that when 
you download the software from the site, you get only the SUSE 
Linux operating system and not the other commercial software that 
accompanies the retail version of the product, such as the browser 
plugins. The components that aren't included are easy to obtain and 
install, but you'll need to plan your time so you don’t start the process 
right before quitting time on a Friday afternoon. 

The main reason for not including the other applications in the 
download version is because of the licensing agreements with the ven- 
dors of those applications; you must usually agree to each of their 
licenses to legally be in compliance with them. 

Register at openSUSE.org if you want to edit the wiki or report bugs 
in bugzilla. Just give your e-mail address to subscribe to a mailing list. 
You can access everything else, including code, as an anonymous user. 

From the perspective of potential customers, the project is a defi 
nite plus for Novell. William Steen, Information Technology 
Coordinator for Tipton County, Indiana, is in the process of deter- 
mining whether to stay with the platform currently in place or move 
to an open source solution and was impressed by what he saw: “I think 
the openSUSE project illustrates Novell’s commitment to the open 
source movement. They didn’t come into the Linux market and start 
shutting the doors behind them—which they easily could have done 
given their size,” he said. “Instead, they came into the market and 
offered to make sure the doors stay open for everyone else as well. You 
have to admire them for that, and it is one of the considerations we are 
looking at as we evaluate migrating to SUSE Linux.” Steen men- 
tioned how some of the county commissioners are afraid of being 
locked into proprietary solutions and this gives him one more bullet 
to use when trying to sell the migration to them. 

On openSUSE.org, communication of issues related to the project 
is done through mailing lists, IRC (Internet Relay Chat), and Web 
forums. Documentation includes the usual FAQs, product highlights 
and much more. Currently, the SUSE Linux Reference is available 
online in its entirety as a 786-page PDF. You will be hard pressed to 
find such a comprehensive, and current manual anywhere else for free. 

User documentation on the site (SEE FIGURE 2) is divided into 
several sections: 

* New Users Start Here is a collection of items most relevant to 
users who are new to Linux and/or new to SUSE Linux. 
* Installation contains documents and articles obviously covering 
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the installation of the OS. For the most part, installation is 
amazingly simple: download the ISO images, burn them onto CD 
or DVD and start the installation from those. It gets a bit more 
complicated when you start installing across the network and such, 
and that is why these installation files are available on the site. 
Configuration holds information on tweaking the system as well 
as applications. 

Hardware not only contains lists of the supported platforms and 
hardware, but also troubleshooting information and notes on fine 
tuning and optimizing specific settings. 

Artwork houses the usual collection of wallpaper, icons and 
miscellaneous graphics. 

Wishtists currently has three subsections: Use the Package 
Wishlist to suggest including a package you think the current build 
should have (S11) 1GU RE 3); use the Feature Wishlist to suggest a 
feature you'd like to have included; and use the OpenSUSE 
Wishlist for the project itself, Web site or other such item. 


User Projects offers the ability to start a subproject and get 
other people onboard and involved. 

Users FAQ not only lets you look for answers to the questions 
you have, but you can also post new questions that aren’t 
answered in the FAQ. 

Tips, Tricks and How-tos lets you search for others’ 
documentation or create your own and post it to be shared with 
everyone else in the community. 

Developmentcurrently has items on Qt and how to set up a 
build server. 


Opening the doors to developers creates an enormous opportunity 
for Novell’s Linux to become the dominant Linux distribution 
throughout the world. Jeff Durham, a consultant for small- to medi- 
um-sized businesses in the Midwest United States and a creator of 
several small applications, couldn’t be more pleased with the way 
Novell is opening its source code to developers: “It has long been the 
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For more information on openSUSE, visit the site at openSUSE.org; 
not only will you be impressed by the simplicity of it, as compared to many other sites, 
but you'll also find the answers to most of your questions. 


belief that SUSE Linux is the most robust operating system on the 
market; however, Novell was dragging behind by not offering some 
thing similar to Red Hat’s Fedora for developers to be able to freely 
get the code and work with it. With openSUSE now underway, 
they've not only followed that lead, but also have the opportunity to 
surpass Red Hat.” Durham has already downloaded the latest builds 
from the site and is working with them. The Project Milestones, post- 
ed on the main page, offer dates when subsequent builds will be 
available and he has circled them on his desk calendar. 

Novell’s commitment to Linux development does not stop merely 
at SUSE Linux. Instead, Novell is creating a build service for external 
developers that is based on the AutoBuild system to help developers 
create applications that run on multiple architectures. AutoBuild 
simplifies the development process of writing applications and assures 
the apps will run—as they should, and be supported throughout the 
community. The build service will too. 

One process currently underway at the project is the exporting of 
the SUSE Support Database (known as SDB) to a wiki. By turning it 
into a wiki, it allows anyone to edit and enhance the entries within the 
database. Localized wikis will exist to account for language differ- 
ences; German, French and Spanish are the first three planned, in 
addition to English. 

While the openSUSE project has a lot to offer now, the project is far 
from finished. Plans call for phase two to be implemented in March or 
April 2006 and includes a simplified patch-submission process and 
personalized developer accounts. Phase three is slated to follow in the 
middle of 2006 and calls for a complete community infrastructure 
allowing, among other things, packagers to quickly create packages and 
include them in the latest test versions of the distribution. 

As such, the openSUSE project is the door into the Linux world 
for new users, developers and enthusiasts worldwide. By making it 
easier for users to access the operating system, it makes it easier for 
them to adopt it. By opening the code to developers, it simplifies their 
work and will help make SUSE Linux the most used Linux distribu- 
tion in the world. Finally, by welcoming enthusiasts, and listening to 
their concerns and wishes, the operating system benefits with each 
successive generation of the product. 

Finally, in addition to the openSUSE project, Novell and other 
members of the openSUSE project also support a plethora of other 
projects currently in the works. These projects range from Beagle; 
which is a search tool; to Mono; which provides the necessary soft- 
ware to develop and run .NET client and server applications on 
Linux, Solaris, Mac OS X, Windows and Unix; and everything in 
between. You can find a current list of supported projects at 
opensuse.org/ projects. 
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> More Information 

For more information on openSUSE, visit the site at openSUSE.org; 
not only will you be impressed by the simplicity of it, as compared to 
many other sites, but you'll also find the answers to most of your ques- 
tions. | also highly recommend listening to, and viewing, the Webcast 
between Greg Mancusi-Ungaro and Ted Haeger, Director of User 
Communities, that was put together for the Novell Users 
International group. This can be accessed online at 
nuinet.com/“pg-webcasts/opensuse/highbandwidth, 


> About the Author 

Emmett Dulaney is the author of the Novell Certified Linux 
Professional (CLP) Study Guide (ISBN: 0-672-32719-8) and Novell 
Linux Desktop 9 Administrator's Handbook (ISBN: 0-672-32790-2) by 
Novell Press. He holds a number of Linux and other certifications. N 


Figure 3 The Wishlists section currently has three subsections: Use the Package 
Wishlist to suggest including a package you think the current build should have; 
use the Feature Wishlist to suggest a feature you'd like to have included; and use 
the openSUSE Wishlist for the project itself, Web site or other such item 
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ou know that business success depends on having the 
right tools and information available to the right people when they 
need them. That requires you to effectively manage identities— the 
people and the resources throughout your enterprise. 

It’s fairly straightforward: With identity management, you more 
easily improve service, resolve security weaknesses and reduce IT 
administrative costs. Without it, new employees sit idle, waiting for 
access to needed business tools—while former employees have access 
to those tools for days, or even weeks, after they leave. 

Okay, you're thinking—nothing new there. Identity management 
has become a necessity for today’s enterprises. What is new is the 
technology that provides identity and effective control over both 
automatic processes and those that require human intervention. 

The new solution streamlines approval processes and enables 
delegation of authority while providing self service features that 
ease the management burden on your staff. [t does all that by lever 
aging, rather than replacing, your existing business processes and 
technology investments. 


> Identity Management Through the 

Complete User Lifecycle 

The recently released Novell Identity Manager 3 helps you securely 
manage identity and access for your ever-changing user community 
through complete management of the entire user lifecycle across all 
systems and organizational boundaries. It lets you deliver first-day 
access to essential resources, synchronize passwords across connected 
systems, instantly modify or revoke access rights and enforce security 
and regulatory compliance. 

For resources that require human approval, the system automati- 
cally notifies appropriate approvers and enables them to quickly and 
easily provide or deny access. (SUE FIGURE 1.) It even allows them to 
easily delegate authority when necessary. 

From the time an employee walks through the door on his first 
day with your company until he closes the door on his last, Identity 
Manager 3 has you covered—whether the processes can be done 
automatically or need human intervention. You get all this from 
three important capabilities of Identity Manager 3: automated 
role-based provisioning, workflow-based provisioning and pass- 
word management. 

Let’s take a look at how each of these work to bring you the agility 
and security you need. 


i Automated Role-Based Provisioning 
Using your business rules, Identity Manager 3 automatically provi 
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sions resources to your users based on their roles and relationships in 
your organization. New employees can access everything they need 
on their first day on the job—without your team manually entering 
user information on multiple systems. You get more done with fewer 
people, which saves you money and lets your staff focus on more 
strategic projects. 


For example, let’s say the HR manager at Sacred Heart Medical 


Corporation (SHMC) has just entered a record for Stanford Oveson, 
a new physician at one of its hospitals. In response, Novell Identity 
Manager 3 automatically: 


creates accounts in other applications based on Dr. Oveson’s role 
as a physician; in turn, those accounts provide authoritative 
identity information. For example, SHMC uses Microsoft 
Exchange for e-mail addresses. Microsoft Exchange creates the 
e-mail address soveson@shme.com, and Identity Manager 3 
communicates that to all connected systems. 

transforms data into appropriate formats for each system. For 
example, PeopleSoft uses a phone number format of xxx-xxx-Xxxx, 
while the Microsoft Exchange format is (xxx)xxxxxxx. Identity 
Manager automatically formats each correctly. 

updates all relevant information in all connected applications. 
For example, PeopleSoft shows that Dr. Oveson works at the 
company’s hospital in Chicago, so Identity Manager creates an 
Exchange mailbox for him in the Chicago container. When 

Dr. Oveson later moves to the group’s hospital in Austin, 

Texas, Identity Manager automatically repeats the 
synchronization process. 


2 Workflow-Based Provisioning 

Obviously, there are times when you don’t want to — or can’t—com- 
pletely automate the provisioning of all resources. Sometimes a 
human needs to decide whether a resource should be granted. No 
problem: a new Identity Manager add-on module integrates human 
based, or “workflow,” provisioning. In other words, the Provisioning 
module for Identity Manager electronically manages and streamlines 
the entire process cach time a resource is requested, even if human 
approval is required. 


With Identity Manager 3, there is one system for both automatic 


and human-based provisioning, and one Identity Vault that stores 
all provisioned information. The benefits are obvious: no more 
paper chase since all requests are made and approved electronically, 
and the automated approval process lets people get to work as 


quickly as possible. 


On his first day at work, Dr. Oveson opens the new Identity 


The recently released Novell Identity Manager 3 helps you securely manage identity and 


access for your ever-changin 


user community through complete management 


of the entire user lifecycle across all systems and organizational boundaries. 
It lets you deliver first-day access to essential resources, synchronize 
passwords across connected systems, instantly modify or revoke access 
rights and enforce security and regulatory compliance. 


Manager Web-based User Application to see what resources are avail- 
able and how he can get approval to use them. On that browser page 
is a list of resources he can simply click to initiate the workflow- 
approval process for each. 

Dr. Oveson wants access to the Oracle financial system, so he clicks 
to request access to that resource. Hospital policy requires that his 
request be approved by both Judith Allen and Steven Chapman in 
HR. Identity Manager 3 automatically ¢ mails Allen with the request. 
She simply clicks a link to bring up the approval form, then clicks the 
appropriate place on the form to approve the request. 

Between patient visits, Dr. Oveson accesses the User Application 
to check the status of his request. He sees that Allen has approved his 
request, but Chapman’s approval is still pending. 

In the meantime, Steven Chapman 
Cancun— decides to check his e-mail. Using a browser available in his 
hotel lobby, he logs in and discovers a long list of approval tasks that 
he forgot to assign to someone else while he was gone. 


who is vacationing in 


Chapman e-mails his manager and asks if he can temporarily reassign 
the approvals on his task list to another manager. Since Kathryn 
Johnson is an assistant manager with responsibility for Oracle financials, 
Chapman's manager assigns her to be Chapman's authorized delegate 
for all Oracle requests. Within minutes, Johnson receives Dr. Oveson’s 
request for access to Oracle financials. Because doctors are not normal- 
ly allowed to see hospital financials, Johnson denies the request. 
Hospital policies were protected with a few simple clicks, even though 
one of the approvers was lounging on the beach in Mexico. 

Before leaving on his next vacation, Chapman can delegate author 
ity to appropriate department heads, their assistants, or even 
temporary proxies. He can do the same thing the next month, when 
he'll be busy preparing annual reports. 

Simply put, Identity Manager 3 lets you make sure that provisioning 
approval decisions are always made by appropriate authorities with 
direct responsibility for the involved employces. It also lets you avoid 
delays if people are out of the office or swamped with other work. 


Figure 1 Novell Identity Manager 3 delivers advanced workflow-based provision- 
ing capabilities, automating the entire process each time a resource is 
requested, even if human approval is required. 
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Figure 2 Novell Identity Manager 3 makes it easy for users to manage their own 
passwords, enabling users to remember, create, change and reset their pass- 
word without calling the help desk 
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And without a common identi 


Identity is a common thread in many of today’s enterprise security issues. 


silo of identity an 


3 Password Management 

Normally, an employee who forgets his password must call the help 
desk for a password reset — eating up his own valuable time and driv- 
ing up support costs. But with Novell Identity Manager 3 you can 
synchronize a user's passwords to provide a single password to all sys- 
tems. Users are more likely to remember a single password. But if they 
don’t, they can receive hints or change the password through the User 
Application tool. Users can also manage their passwords using the 
native password interfaces in systems such as Microsoft Windows. 
(SEE FIGURE 2.) 

When Dr. Oveson forgets his password, the User Application 
comes to the rescue. It allows him to remember, create, change and 
reset his own password without calling the help desk and taking up an 
IT administrator’s time. 

When Dr. Oveson visits the User Application he is given one of the 


foundation, each new solution you add creates another 
adds to your security problems. 


following administrator-defined options: 

+ Password hint The administrator decides whether the system 
delivers the hint immediately on the screen or by e-mail. 
Password reset with challenge and response One or more challenge 
questions are displayed on screen. These can include questions 
originally created by Dr. Oveson himself, by the Identity 
Manager administrator, or a combination of both. When Dr. 
Oveson answers the questions correctly, he is permitted to 
change his own password. The new password is automatically 
checked for policy compliance, then updated and synchronized 
with all connected systems. 


With Identity Manager, you can ensure that passwords your users set 
are secure: you can create and enforce strong, system-wide password 
policies to protect your company against password-related attacks. 
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Reduced Complexity with Visual Design 


Another exciting new feature of Novell Identity 
Manager 3 is Designer, a set of visual configuration 
tools that provide a simple, yet powerful way to 
design and configure what you implement. (See 
Figure 3.) With Designer, you can: 


graphically model your implementation 
re-use configurations to help reduce deployment time frames 


create and test “what-if” scenarios before you deploy 
them to ensure proper policy definition 


automatically generate project documentation 
of all implementation details 


work offline to safely configure implementations 
outside of the production environment 


maintain project version control 


define and manage policies such as data transformation, 
placement and matching. 
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> Reassignment and Provisioning 

The capabilities of Identity Manager 3 combine to help you manage the user’s complete life 
cycle. For example, several years after he transfers to the hospital in Austin, Dr. Oveson is 
promoted to chief of staff at that facility. The promotion, of course, generates a number of 
changes in his identity information —and creates the need to update numerous records. With 
only a single change in the HR system, Identity Manager 3 propagates the identity informa- 
tion throughout the enterprise. Here’s what happens as a result of that single entry: 

+ Dr.Oveson is automatically given access to the new systems he needs as chief of staff. 

+ Access is instantly shut off to the systems he is no longer allowed to use. 

When Dr. Oveson moves from his office on the third floor to the new chief of staff 

office complex, his address is automatically updated in the system, and the update is 
distributed to all affected applications. 


+ Dr. Oveson now reports to a new manager. All systems are updated —for example, the 
appropriate employee to-manager relationship is changed in the financial applications, 
which affects the expense-report approval process. 


A valuable time-saver in cases of promotions and transfers, the feature is also a vital security 
measure. With a single change, you can revoke user access rights across all systems in real time. 
Asa result, former employees and business partners are completely deprovisioned when their 
business relationship with you ends. You gain instant protection against disgruntled ex 
employees, remove access to sensitive information, and eliminate lingering service expenses 
tied to former employces’ user accounts. 


> The Right Identity Management Foundation 
Identity is a common thread in many of today’s enterprise security issues. And without a com 
mon identity foundation, each new solution you add creates another silo of identity and adds 
to your security problems. 
Novell Identity Manager 3 removes barriers between your business systems and enables 
information to securely flow to your authorized users. You have the foundation you need to 
securely deliver the 
right resources 
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Novell Audit signs and chains your events so you have nonrepudiation. 
That means you log and record event data in such a way that you can prove 
events have not been tampered with and that your record is complete. 


et’s talk about the iPod for a minute. | love mine. | 
was introduced to the technology last year by my boyfriend who had 
me convinced | was nothing but prehistoric if I didn’t have those dis- 
tinet white ear buds in my ears while exercising or taking public 
transportation. Since then I’ve used my iPod to train for a triathlon, 
to help avoid conversation on airplanes and, just this last August, | 
even used it to usher in our wedding soundtrack. What a perfect 
union; us and our iPods, | mean. 

But wait. Now there’s an iPod Nano. It’s impossibly small, has a 
color display and up to 14 hours of battery life. How could something 
so good get even better? That's just the question you might find your 
self asking when you hear Novell is releasing the next version of 
Novell Audit (formerly Novell Nsure Audit) early in 2006. 

Now let’s step back and talk about why you should audit in the first 
place and what the previous versions of Audit did for you. Then I'll 
cover the new features and product enhancements you'll enjoy short- 
ly with Audit 2.0. And, if you have them, stick those white ear buds in 


and read this article with some enlightening music in the background. 
| recommend something with trumpets. 


> Why Audit? 

Whether you have healthcare records, product designs, payroll and 
employee information or financial histories, your company network 
has information that must be secure. As you know, that’s no small feat. 

‘To protect your electronic assets, you probably have security poli 
cies to ensure compliance with government regulations, such as the 
Health Insurance Portability & Accountability Act (HIPAA), the 
Sarbanes-Oxley Act, the Gramm-Leach-Bliley Act or the United 
Kingdom's Data Protection Act. 

Whatever the case, as a network administrator, you likely translate 
those security policies into system-wide rules that enforce the various 
external and internal policies. 

After you've implemented your auditing strategy, you need a way 
to assess overall compliance with company wide policies, respond 


Figure 1 You can get a bird's-eye view of each application that is plugged into 
Audit and logging events to the Platform Agents 
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Figure 2 You can harvest connection statistics such as the number of clients 
connected and the number of events being logged for each client 
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quickly to violations, pull and analyze logged data and produce reports to prove that all your 
regulations are being met. To sum it up, you have to know and regulate what's going on in every 
corner of your network—at all times. Feeling overwhelmed yet? 


Past Versions 
Novell (Nsure) Audit 1.0 shipped in 2003 providing a replacement for Auditcon and Novell 
Advanced Auditing Services (NAAS), as well as a logging foundation for Novell products such 
as Identity Manager, tChain, BorderManager and eDirectory. Audit is the result of years of 
experience Novell has under its belt developing some of the most secure enterprise software 
solutions in the industry. 

Versions 1.0.1 ~ 1.0.3 soon followed the initial release and focused on improving stability and 
fault tolerance, standardized the event format and introduced additional notification channels. 


What Comprises Audit? 
Novell Audit is a client-server solution with four primary components: 
the client portion of the Novell auditing system. The Platform Agent 
receives logging information and system requests from authenticated applications and 
transmits the information to the Secure Logging Server. 
the server component of the Novell auditing system. The Secure 
Logging Server manages the flow of information to and from the Novell auditing system. 
In other words, it receives incoming events and requests from the Platform Agents, logs 
information to the data store, monitors designated events, and provides filtering and noti 
fication services. You can also configure it to automatically reset critical system attributes 
according to a specified policy. 
the repository where audit data is stored. Novell Audit protects log data from 
record modification, insertion or deletion by allowing only one program component, the 
Secure Logging Server, to write events to the data store. Using its available channel driv- 
ers, Novell Audit can log events to the following storage devices: 
: Flat file in the file system 
MySQL database 
* Oracle database 
* Microsoft SQL Server database 


+ Syslog database. 
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+ Reporting Applications Novell Audit provides two tools you can 
use to gencrate reports from MySQL, Microsoft SQL Server and 
Oracle data stores. 

* Novell Audit Report is a Windows based, Open Database 
Connectivity (ODBC)-compliant application that can 
gencrate reports from Oracle and MySQL. data stores. It 
includes predefined reports and you can integrate it with 
Crystal Reports to get full custom reporting capabilities. 

+ iManager is a browser-based, Java Database Connectivity 
(JDBC)-compliant application that can generate reports 


from MySQL data stores. 


> How Does Audit Work? 
In basic terms, these components work together like this: the 
Platform Agent collects event data from the Logging Applications 
running on the server or workstation. (SEE FIGURE |.) In nonrepu- 
diative mode, the Platform Agent (or Logging Application) then 
digitally signs cach event before transmitting it over a mutually 
authenticated and encrypted connection to the Secure Logging 
Server. (For more information on nonrepudiation and signing, sce 
Audit Signing and Chaining below.) 

The Platform Agent and Secure Logging Server establish this 
secure communication channel using Transport Layer Security (TLS). 

The Secure Logging Server writes the data to a persistent data 
store, such as My SQL, Oraele or a flat file. The reporting applica 
tions query the data store and generate reports. Simultancously, the 
Secure Logging Server evaluates the data to determine if any alerts 
are required or if any monitored values have changed. 


> Audit Signing and Chaining 

Novell Audit helps you achieve nonrepudiation through a process 
Novell refers to as the signing and chaining of events. In the context 
of auditing, nonrepudiation means that you log and record event data 


in such a way that you can prove that events have not been tampered 
with and that your record is complete. And that’s important — espe 
cially in today’s socicty. 

Novell Audit components work together to protect the integrity of 
your logged data by signing and chaining events. Here’s how: 

Signing is the process whereby the Platform Agent (or, in some 
cases, the Logging Application) affixes a digital signature to cach 
event it receives before forwarding the event data to the Secure 
Logging Server. This signature enables the Secure Logging Server to 
verify the integrity of the event data it receives and thus ensure that 
the event data has not been tampered with. 

Chaining is the process whereby the Platform Agent (or in some cases, 
the Logging Application) includes a hash of the previous event (from the 
same Logging Application) with cach new event from a given Logging 
Application. The hash (along with the data from the next event) is also 
signed. This hash enables the Secure Logging Server to verify that all 
events arc in the data store and that none of them have been removed. 

Through signing and chaining, Novell Audit protects your data 
against various types of security breaches, such as rogue administra 
tors attempting to cover their tracks. 


> What’s New with Novell Audit 2.0 
NEW PRODUCT FEATURES 
1 Windows Event Collector 
The Window Events Collector runs as a service on Windows 
2000 / XP / 2003. 
This new feature retrieves events from the various 
Windows event logs including: 
+ Application log 
* Security log 
+ System log 
* Directory Service log 
* File Replication Service log 


Figure 3 Using the easy management tool iManager, you can gather 
real-time server statistic as memory used, running time, 
received. 
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Figure 4 You can drill down even further and monitor each event being logged 
and how often they are coming in 
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+ Domain Name Server (DNS) log. 
Windows events are collected and sent to 
the Secure Log Server for processing by 


Novell Audit. 


i) 


New Notification Channel 

Audit 2.0 implements the Java Message 
Service (JMS) channel as a JMS 
Producer client application. It receives 
event messages from the Novell Audit 
event notification system, maps the event 
information into JMS messages and sends 
them to a JMS bus. JMS Consumer 
applications can then retrieve the JMS 
messages from this destination. 


Log File Parser 

The Log File Parser allows consumption 
of existing text logs without needing to 
instrument the application. This means 
that Novell Audit can collect events from 
applications— previously not possible 
by harvesting events from text-based log 
files such as syslog on both UNIX and 
Linux systems, Apache Error Logs and 
ZEN Application Launcher logs. (si) 
FIGURE 2.) The events are parsed and 
formatted in the Novell Audit event 
structure so they can be processed by 
Novell Audit. The Log File Parser has 

a simple user interface, allowing 
administrators to quickly integrate new 
application data in Novell Audit. 


NEW PRODUCT ENHANCEMENTS 
1 Monitoring 
The Monitor channel provides logging 
system statistics in the easy-to-use 
management Web tool —iManager. (StI 
riGURE 3.) When the Monitor Channel 
object is enabled, cach Secure Logging 


Novell Audit 2.0 At a Glance 


Components 

1. Platform Agent 

2, Secure Logging Server 
3. Data Store 

4. Reporting Applications 


New Features 

1. Windows Event Collector 
2. New Notification Channel 
3. Log File Parser 


| Enhancements 
1. Monitoring 
2. Improved Event Filtering 


Server object includes the Monitor tab as 
one of its Logging Server options. The 
Monitor tab provides the following 
information: 
* total number of events logged during 
the current server uptime 
+ average number of events logged per 
second (this is averaged over a 
three-second interval) 
+ 1P addresses and descriptions of the 
chents (Platform Agents) 
ee 
Secure Logging Server 
(SEE FIGURE 4.) 
+ applications logging events to cach 
Platform Agent 
* events logged by each agent. 


currently logging events to the current 
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improved Event Filtering 

In previous versions of Novell Audit, all 
event notification filtering took place at the 
Secure Logging Server rather than with the 
Platform Agents. Novell Audit 2.0 allows 
administrators to implement event filters at 
the Platform Agent using each logging 
application’s associated application object. 
Pushing event filtering down to the 
Platform Agent minimizes traffic between 
the Platform Agent and the Secure 
Logging Server, decreases the load on the 
Secure Logging Server, and conserves disk 
space in the central data store. 


As you can see, previous versions of Novell 
Audit have successfully simplified the job of 
securing your network since 2003. But just like 
my iPod and the Nano, the product has gotten 
even better. With features enhancing every 
thing from collecting, monitoring, filtering 
and notifying of event data, this is definitely a 
good thing—made even better. N 
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s you arrive at work, you worry whether today 
might be the day. You approach your computer with trepidation 
and turn it on. At the login screen, you slowly punch in your special 
row of asterisks and click the OK button. After a few seconds your 
worst fears are realized; you're informed you have 14 days to come 
up with a new password. You turn your mouse pad over, scratch off 
your current password and try to think of something you haven't 
used before. 

As you type in your pet’s name, you're informed of some new secu- 
rity requirements that your new password must meet. These new 
requirements include special characters, upper-case letters, numbers 
and the length of the password. Aghast, you look around at the items 
on your desk for inspiration, but nothing comes. 

This is the mindset of your typical network user. The last thing 
they want to hassle with is password management. This type of user is 
not trying to come up with a password scheme based on mathemati- 
cal algorithms that maximize the security of the network. All they 
want is to quickly change their password to something they will 
remember in ro minutes. Beyond their system password, if they have 
to access a network application which requires user credentials, they 
tend to act a lot like electricity: when discharged, electricity heads to 
ground by way of the path of least resistance. 

A user’s path of least resistance is to choose the same password 
for the application that they use to log in to the system. In math, we 
refer to it as the “least common denominator,” where the user has 
one common password which is easy to remember and is based on 
something simple or common to them. Isn’t it ironic that the strict 
security policies put in place to safeguard the network, end up hav- 
ing the opposite affect? 

To go one step further, factor in the number of network or 
Internet-based applications that the user needs to access. In many 
organizations, users access upwards of eight different systems or 
applications. These applications might include CRM systems such as 
SAP, terminal emulation to legacy main frame applications or even 
custom, internally developed Web applications. 

Each application has its own unique password-change policy and 
format requirements. In this scenario, the Nirvana of a single, simple 
password for all applications lasts only a few days, after which the 
variation of password requirements and combinations explodes expo- 
nentially forcing the user into what could be considered the roth ring 
of hell; in Dante’s The Divine Comedy, Virgil guides Dante through 
the nine rings of hell. Had Dante written in the 21st century, he sure- 
ly would have included a roth ring dedicated to the types of suffering 
endured by you and your users, due to out-of-control identity and 
password management issues. 
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> Direct and Hidden Costs of Password Management 
According to different analyst reports, suffering in that roth ring 
costs enterprises anywhere from $25 to $50 USD every time a user 
calls the help desk with a password-related issue. For an organiza 
tion with 10,000 users, this could easily cost more than $100,000 
per year. This yearly, hard cost doesn’t take into account the soft 
costs associated with the loss of productivity while users wait for 
passwords to be reset. 

In an effort to cope with and reduce the suffering that passwords 
cause, users often turn to the corporate-banned SNUMP method of 
password control. SNUMP. better known as “Sticky Note Under the 
Mouse Pad,” helps users maintain password lists without having to 
program master control spreadsheets or attend Memory seminars. 
While this may decrease a network user's suffering, it increases the 
suffering of those who are trying to safeguard the network. You've 
been trying to eliminate the SNUMP method for years without suc 
cess. The harder you try to impose greater security on the network, 
the less secure it actually becomes. But now, with the latest release of 
Novell SecureLogin, you can be saved from password hell. 


> Novell SecureLogin 6.0 

Novell SecureLogin 6.0 provides enterprises with fast and easy access 

to corporate resources using a single, secure login. Users authenticate 

once to the network and from then on, SecureLogin streamlines and 

automates access to their applications and resources. SecureLogin 6.0 

also allows you, as an administrator, to take control of credential man- 

agement. SecureLogin becomes the password broker between all of 
the network applications and your end users. By creating secure pass- 
word policies and associating them with users and the network 
applications, you can affect your organization in several positive ways. 

You can: 

* increase the security of the network data and applications by 
enforcing strict password requirements and policies without 
having to place that burden on the shoulders of your users 

* reduce the help desk costs with regard to password_related issues 

* improve user productivity by streamlining their access to network 
applications and by reducing the time wasted calling the help desk 
with password-related issues 

+ facilitate compliance with new government regulations for 
identity, privacy, policy enforcement, and audit and 
authentication services. 


> What’s New in SecureLogin 6.0 
Novell SecureLogin 6.0 incorporates significant enhancements. 
Some of the most important of these are a new user interface; 


A user’s path of least resistance is to choose the same password for the application 


that they u 


se to log in to the system. In math, we refer to it as the 


“least common denominator,” where the user has one common password 
which is easy to remember and is based on something simple or common to them. 


Isn’t it ironic that the strict security policies put in place to safeguard the network, 


end up having the opposite affect? 


improved management capabilities, including integration with 
iManager; added support for Mozilla Firefox; a new Web Wizard; 
significant out-of-the-box application support; and the new ability 
to use advanced security methods, such as smart cards and biomet- 
ric devices. 


it New User Interface 

SecurcLogin 6.0 has a redesigned user interface for casier naviga- 
tion. The new interface includes a two-panel display with a browse 
tree on the left and a display of the user's settings and options on the 
right. (Str FiGURE L.) Novell enriched the interface with graphics 
to help identify tools, settings and user information. Novell also 
implemented customer usability feedback to make it more intuitive 
when you create or modify new application definitions and linked- 
login credentials. 


2 Improved Management Capabilities 

You can now integrate and manage SecureLogin 6.0 with iManager, the 
Novell Web management utility. As iManager continues to take over for 
ConsoleOne, this integration continues the progress to centralize all of 
the management utilities via the Web. Also, Group Policies are now sup- 
ported in 6.0, which improve managing application access and 
credentials. Group Policies extend the existing capability of managing at 
the user and container level; hence, you have greater flexibility and con- 
trol to implement your security policies. (SEE FIGURE 2.) 

If you're using LDAP as your directory, or if you have multiple 
directories because of mergers or acquisitions, a new tool simplifies 
administering access rights in LDAP. Available in LDAP mode, this 
tool has a tree-style utility that lets you browse to an LDAP object 
and assign rights to it. Previously, you had to know and enter the fully 
qualified object name, including the location context. That was prone 
to user error, but the new utility resolves that issue. 


Figure 1 SecureLogin 6.0 has a new user interface that incorporates a tree view on the 
left for easier navigation and the settings and options on the right 
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Figure 2 SecureLogin 6.0 is now integrated with iManager, the Novell Web 
administration tool. This enables you to administer SecureLogin from anywhere 
with a browser and an Internet connection. 
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Some of the advanced features help shorten the time and simplify 
the process of getting into an application. Normally, you might have to log in to a 
remote system, launch and authenticate to an |x gl 


possibly answer some questions or respond to popups, and t 


en navigate within 


the application to get to the desired area. 
SecureLogin can now automate the entire process based on the 
click of a single application icon. 


3 Support for Mozilla Firefox 

A significant addition, the Web Wizard now supports Mozilla Firefox. 
In the middle of 2005, Firefox reported that it had surpassed 50 mil 
lion downloads. ‘Touted as a more secure browser than Internet 
Explorer, many enterprises have adopted and standardized on 
Firefox. One benefit of the new Firefox support is that all scripts and 
application definitions you create for Firefox, also work on Internet 
Explorer, and vice versa. Few environments have a homogencous 
browser installation; by adding Firefox support, you have a greater 
internal reach and a bigger impact when you implement your security 
policies across your organizations. 


4 Updated Application Support 

SecureLogin also now has an expanded application definition library. 
It provides out-of the box support for several Windows applications: 
for example, SAP. SQL Server, Novell GroupWise; terminal-based 
applications; and configurations for several popular Web sites such as 
Yahoo! Mail and Hotmail. (SEE FIGURE 3.) 


Figure 3 SecureLogin 6.0 has expanded its application definition library and 
provides immediate support for several Windows applications, terminal-based 
applications, and configurations for several popular Web sites. You can also 
easily add your own applications 


comrerenmnennneerrrss 


New Application — 


@ Predefined Application Definition 
| SAP R/3 Login 
| Trillian 
Visual Source Safe Login 
VNC 
Windows 9x Dialup Networking 
Windows 9x Login 
Windows NT Logon 
Yahoo! Mail 
LYahoo! Messenger _ 


© New Application Definition 


SecureLogin also now supports Java based applications and extended 
add features that support the advanced requirements you have for 
complex Web applications. You can even configure it to look for 
applications that load prior to SecureLogin, such as iFolder, and pass 
credentials to the waiting applications for authentication. 


5 Improved Web Wizard Functionality 
The improved Web wizard functionality in version 6 makes the single 
sign-on process on Web sites quicker and easier for everyone. The 
SecureLogin Web Wizard appears the first time a user visits a Web 
site that requires user credentials. The user is prompted to enter their 
credentials which are quickly captured for later use. This simple, one 
step process enables Web sites to provide users with seamless, 
hassle free access when they visit again. (SEE FIGURE 4.) 

You can also use some of the advanced features to shorten the time 
and simplify the process of getting a user into an application to do their 
work. Normally, a user might have to log in to a remote system, launch 


Figure 4 Through single sign-on, SecureLogin can automate the log-in process 
when users revisit sites that require credentials and log in passwords 
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and authenticate to an application, possibly 
answer some questions or respond to pop 
ups, and then navigate within the application 
to get to their desired area. SecurcLogin can 
now automate that entire process based on 
the click of a single application icon. 


You can now configure SecureLogin, in con 
junction with Novell Modular Authentication 
Services, to add additional levels of security 
at the most impor 
tant pl: ices. These additional levels of security 


into your environment 


include support for smart cards, tokens and 
biometric devices. 

A smart card is a small credit-card sized 
authentication device that includes a pro 
grammable microchip that can store data and 
perform cryptographic functions. 

Tokens are small hand-held devices that 
generate one time passwords for authentica 
tion. Several token methods exist, but the 
most common is when a user provides their 
credentials and is given a random number 
challenge. That random number challenge is 
entered into the Token device, which will issue 
the appropriate response for authentication. 

Biometric devices are scientific devices that 
analyze a human body characteristic and com 
pare it to a stored data version of the same 
characteristic. These characteristics can include 
fingerprints, eye retinas and facial characteris 
tics. You can integrate smart cards, tokens and 
biometric devices at strategic areas to enforce 
strong proof of identity before allowing access 
to sensitive or confidential applications or 
data. You can now take complete control and 
lock down access to your data because of the 
added support and integration of these 
advanced Novell Modular Authentication 
Services security devices to SecureLogin. 


Certified Security 


Novell SecureLogin 6.0 now includes new 
advanced-security libraries. These ni 
are Federal Information Processing Standarc 
(FIPS) 140-2 compliant. FIPS 140-2 is a stan dard 
published by the National Institute of Standards 

and Technology (NIST) that outlines the U.S 
Federal government security requirements 
implemented in IT products to deal with Sensitive, 
but Unclassified (SBU) data use. FIPS 140-2 has 
also been adopted by the Canadian 
government's Communication Security 
Establishment (CSE). The previous release of 
SecureLogin included the OpenSSL libraries, but 
these libraries were not FIPS approved 


1ew libraries 


SecureLogin also tracks and captures net- 
work authentication and access events, which 
can be reported and audited using Novell Audit. 


> What’s in a Version Number 


If you're familiar with the previous release of 


SecureLogin, you might have recognized a 
significant change in the version number. 
While there have been significant improve 
ments and additions to the product, the 
answer to the version number is quite simple: 
Active Card, Protocom and Novell have col 


laborated and released different versions of 


SecureLogin in various forms. Active Card 
recently acquired Protocom and the com 
bined entity is now called Active Identity. 
Active Card had a previous release of their 
5. Even though 
the last Novell release was version 3.51, the 


software which was version 5 


next logical release number to help synchro 
nize the products across partners was 6.0. 


> Conclusion 

Password and identity management are sert- 
ous topics that require serious attention, 
especially in large organizations. Most organi 
zations today deal with these issues by treating 
the symptoms rather then implementing a 
cure; in reality, they're just chasing their own 


tails and increasing the size of the roth ring of 


hell. SecureLogin 6.0 has everything you need 


to take back control of your networ rks while 
lowering your costs and increasing the securi 
ty of your systems as well as the productivity 
of your users. It also facilitates and simplifies 
conformance to government and corporate 
regulatory requirements. Now you can allevi 
ate your own pain and remove the need for 
anyone to use the SNUMP method of pass 
word management. Instead of letting that 
roth ring get bigger, you can get rid of it— 
SecureLogin 6.0. N 


with 


FIPS 140-2 certification is required for 
companies who want to sell products that include 
cryptographic modules to the U.S. Federal 
Government. In addition, with the increased 
awareness and pressure to implement other 
regulatory requirements, such as those imposed 
because of Sarbanes-Oxley, the financial 
community has begun to specify FIPS 140-2 as a 
required checkbox for purchase consideration 


Big 
Brother 
in your 
email. 


Reveal empowers Executives 
with the tools they need to 
enforce email policy. 


Look inside a GroupWise mail box 


without changing the password. 


Instant access to GroupWise 
mailbox for: 

Compliant Officer 

HR Personnel 

Security Officer 


Reveal ensures that Executives 
are able to accurately evaluate 


email activity so they can properly 


enforce policy and procedure. 


www.GWAVA.com 


Reveal helps Executives monitor 
and protect company assets. 


GWAVA is Protecting You. 
Call 1-866-464-9282 
Visit: www.GWAVA.com/Reveal 


© 2006 GWAVA 

GroupWise is a registered trademark of Novell, Inc. in the 
United States and other countries. 

All rights reserved. 


TECH- 
TALK 


BrainShare 2006 Preview 


A Fresh Twist on an Industry Favorite 


By Todd Swensen 


nyone who has attended BrainShare will tell you that it’s 

more than just another technology conference that 

there has always been a “certain something” that sets 
BrainShare apart and makes it unique. So what is that secret ingredi 
ent? What motivates thousands of attendees to return to BrainShare 
year after year? And why does BrainShare engender such fierce loyal 
ty and enthusiasm among so many people? 

There are many good, concrete answers to these questions. 
BrainShare is, after all, widely recognized as one of the world’s pre 
miere technology conferences. Duri ing more than 20 years, it has built 
a reputation for dynamic and entertaining general sessions, quality 
technical breakout sessions, sophisticated hands-on technology labs 
and a vibrant partner presence. OF course, the brains behind 
BrainShare also understand that people come to technology confer: 
ences to build new relationships with colleagues and industry experts, 
so there are always plenty of great parties, concerts and other oppor- 
tunitics to mingle, meet people, discuss new business opportunities 
and have a great time in the process. 

But like any memorable event, the “certain something” that makes 
BrainShare unique is more than the sum of these tangible parts, and 
its appeal somehow goes beyond its sessions, programs and partics. 
BrainShare has a distinct culture, a unique personality and a rich her 
itage developed slowly over the years—that defines and enriches 
die. experience for every attendee. It provides a distinctive environ 
ment for learning, sharing and networ king that directly reflects the 
quality of the people who attend. And every year, thousands of atten 
dees travel home from BrainShare with fond memories and new tools 
and ideas for improving their businesses. 


> New Variations on a Proven Theme 

Of course, BrainShare 2006 will incorporate all of the rich history and 
unique culture that have made the conference so successful. But this 
year, BrainShare is also rolling out some notable enhancements that 
will make it an even more enjoyable and productive experience. 


What’s New at BrainShare 2006? 


* Regional BrainShare conferences have been 
condensed into a single, global event. 

* Technical breakout sessions were chosen 
based on attendee voting. 

* Advanced Technical Training sessions from 
Novell Training Services will create exciting 
new learning opportunities. 

* More tightly focused sessions—all based on 
the five Novell Market Solutions areas— 
will place Novell technology in the context 
of business needs. 
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BrainShare 2006: MARCH 
19-24 


First, in 2006 all of the regional BrainShare conferences will be con 

densed into one global “super conference” in Salt Lake City. This will 
make it possible to focus all of Novell's technical resources on one 
event, provide attendees with new opportunities to network with 
peers and experts from around the world and provide a more robust, 
in-depth conference experience. By attending a single global 
BrainShare conference, attendees will gain more personalized access 
to the best Novell engineers and industry experts, the freshest con- 
tent and the widest possible range of information. 

BrainShare 2006 also marks a fairly dramatic shift in the way tech- 
nical breakout sessions are developed and presented. In the past, 
Novell's product teams have worked together to define and develop 
all of the content for breakout sessions. This year, for the first time 
ever, attendees have been directly involved in the process. Over the 
past few months, attendees have been able to log into the BrainShare 
Web site, review more than 300 proposed technical breakout sessions 
and vote on which sessions they would most like to see presented at 
the conference. The results of the voting were used to dev clop the 
final roster of breakout sessions. Voting ended on January 4th, but 
during the final few months of 2005, thousands of attendees voiced 
their opinions and played an invaluable role in determining which 
technical breakout sessions Novell will offer at BrainShare 2006. 

Another important first this year will be the addition of Novell 
Advanced Technical Training sessions—all conducted by highly 
trained and certified Novell Training Services engineers. For the first 
time, attendees will be able to participate in more than 20 of these 
award winning, hands-on Advanced Technical Training courses at 
BrainShare— at no additional charge. 

Finally, the BrainShare 2006 organizers have gone to great lengths 
to place all of the technical information at the conference in the con 
text of Novell's business strategy. This will make it easier to marry the 
technical details covered in the breakout sessions and technical labs 
with the important business drivers and high-level strategy presented 
in the general sessions. For example, all of this year’s breakout sessions 
are built around the five Novell Market Solution areas: data center, 
security and identity, resource management, workgroup and the desk- 
top. This approach will make it easier to make the critical connections 
between the technical capabilities Novell offers and the business 
requirements that make them relevant and necessary. 


> A Technical Conference That Makes Good Business Sense 
BrainShare has always been successful because attending has always 
been a smart business decision. This year, the list of convincing busi 

ness reasons for attending BrainShare is longer than ever beboie: At 
BrainShare 2006, attendees will have even more opportunities to 
exchange ideas with other IT professionals and industry leaders, take 
advantage of hands on, collaborative training opportunities and par 

ticipate in “birds of a feather” discussions that bring people with 
similar industries or job responsibilities together to share experiences 
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and information. BrainShare also gives attendees important opportu 
nities to sharpen their skills, with an impressive variety of hands-on 
training, in-depth technical workshops and certification courses. 
These types of networking and training opportunities have always 
been an important part of the business case for attending BrainShare. 
But this year’s conference is also structured to help attendees apply 
Novell technology to important business challenges. For example, 
attendees will learn how they can tap the many business advantages of 
Linux, gain freedom from proprietary solutions and vendor lock-in 
and move their businesses toward less expensive, more reliable and 
more flexible hardware platforms. They'll also have the opportunity 
to explore new ideas for securing their businesses, dealing with regu- 
latory compliance issues and expanding secure access to customers 
and partners. And they'll be able to examine new ways to save money 
by consolidating networks and optimizing key systems. After spend- 
ing a week at BrainShare, every attendee will be in a much better 
position to solve some of their toughest business problems, and that 
qualifies as a good business investment by anyone's standards. 


> Working With the Best 

Novell solutions certainly don’t work in a vacuum, and BrainShare is 
the best place to see how hardware and software from other technol 
ogy companies work with and complement Novell technology, This 
year, BrainShare will showcase joint solutions from Novell and some 
of the biggest, most recognized names in the industry, including 
AMD, Dell, HP, IBM, Intel, Oracle and many others. The Novell 
PartnerNet Showcase makes it easy to see Novell partner solutions in 
action, and the traditional Partner Night party gives attendees the 
opportunity to interact with partners in a fun, informal setting. 


> Up Close and Personal 

BrainShare certainly offers something for everyone—from high 
powered general sessions to personalized hands-on training, In 2006, 
attendees will have access to a wider range of sessions, facilities and 
activities than ever before. 


> General sessions 

BrainShare general sessions have always provided the perfect blend of 
information and excitement with insightful keynote addresses, cut- 
ting edge demos and entertaining video segments and competitions. 
These sessions, typically packed with more than 5,000 people, are the 


best place to learn what Novell has planned for the coming year, gain 
fresh insights into Novell's strategic direction and industry trends and 
get a first look at the very latest Novell technology. 


> Breakout sessions 

BrainShare 2006 will feature more than 220 technical breakout ses 
sions, more than two-thirds of which will feature new content. This 
year’s breakout sessions have been scheduled specifically to reduce the 
number of competing courses offered at the same time. The addition 
of more than 20 hands-on Advanced ‘Technical Training courses will 
add new depth and dimension to the breakout session portfolio. And 
thanks to the new attendee voting process used to help determine 
topics and content, this year's breakout sessions will be more relevant 
and focused on the needs of the audience than ever before. Together, 
these enhancements translate into the best, most diverse and most 
complete technical content ever offered at BrainShare. 


> PartnerNet Showcase 

This year, dozens of industry-leading hardware and software compa 
nies will be featured in the BrainShare Partner Showcase. This 
convenient mini tradeshow environment makes it easy to sce partner 
solutions in action and speak with representatives from many differ 
ent partner companies. BrainShare 2006 will also feature a 
Sponsor-Night, an after-hours party and a wide selection of partner 
breakout sessions. 


> Developer Den 

BrainShare started out as a developer conference. At BrainShare 2006, 
the Developer Den honors that tradition by providing developers with 
an environment where they can network with their peers, share ideas 
and information and take advantage of developer-focused technical 
sessions, training courses and other resources. This year, the 
Developer Den will place a special emphasis on providing resources 
for the exploding ranks of Novell Linux developers. 


> Training Depot 

With steep 30 percent discounts on all training materials, the Training 
Depot bookstore offers some of the year’s best prices on Novell 
Training Services manuals and other technical publications. The 
Training Depot also sponsors book signings, interviews with authors 
and industry experts, and other activities. 


The Top Six Business Benefits of 
Attending BrainShare 


1 Learn to create more freedom 
of choice using Linux. 

2 Save money by learning new 
consolidation and optimization 
strategies. 

3 Learn about important new 
Novell technologies and 
solutions. 

4 Sharpen your skills with hands- 
on training and in-depth 
workshops. | 

5 Network with peers and form 
new business relationships. 

6 Learn how to secure your 
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> Testing Center 

Once again, BrainShare has teamed up with 
Novell Training Services to offer onsite cer 
tification testing opportunities. This year, 
attendees can take the Practicum exam at 
BrainShare for only US$99, compared to the 
regular price of US$195. OF course, Novell 
Training Services representatives will be 
available all week to help attendees explore 
different training and certification options 
and discuss the benefits of Novell Technical 
Services training. 


> Novell Hot Spot 

The Novell Hot Spot provides a comfortable 
refuge in the middle of BrainShare where 
attendees can go to relax between sessions, 
shop for Novell merchandise, take advantage 
of free wireless Internet access and even play 
a quick game of pool. 


> BrainShare After Hours 

After all the sessions, workshops and mect 

ings close down for the day, BrainShare shifts 
into party mode—with something fun to do 
every night. This starts with the opening 
Welcome Reception on Sunday evening and 
ends with Meet the Experts Night on the last 
night of the conference. For many attendees, 
Wednesday's Concert Party at the Delta 


Center is a major highlight. This year, the 
Counting Crows will put on a show that will 
keep people talking (and ears ringing) for days. 


> Putting the Pieces Together 

On March 19, all of the tangible and intangi 

ble pieces will come together to recapture the 
“certain something” that makes BrainShare 
unique. More than 6,000 attendees will dis 

cover, or rediscover, why BrainShare is one of 
the industry's premiere venues for learning, 
exploring and networking. They will remem 

ber exactly why attending BrainShare is such 
a smart business decision. They will experi 

ence one of the most fun and distinctive 
technology conferences in the world. And 
with all of the refinements and improve 

ments, those who are returning will almost 
certainly mark the 2006 4 
BrainShare as the best ever. N 
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Each Novell Market Solution area will feature 
dozens of technical breakout sessions. Here 
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TECH- 
TALK 


Extendin 


ZENworks and the ENGL Imaging Toolkit 


By Steve Thompson and Heath Upton 


onsider the different hardware and software configura- 

tions you have in your company. Can you count them all 

on one hand? If you count on both hands and both feet, 

would that be enough to cover your organization’s varied OS environ- 

ments? For most, it isn’t near enough, but there are ways of taking the 

pain out of deploying and maintaining all those computers. Consider 
a Standard Operating Environment (SOE) as a first step. 

Many organizations realize the benefits of deploying an SOE. 

They can reduce costs, improve service levels and productivity, and 

provide a secure and stable platform for business applications. But 


what is an SOE? 


> Introducing ENGL Imaging Toolkit 
The core component of an SOE is the operating system; it provides 
the basis upon which the other SOE components such as applications 
and organizational policies can be reliably built and deployed. The 
ENGL Imaging Toolkit provides a modular turn-key solution for the 
deployment and maintenance of Windows 2000 and XP Professional 
workstations as part of an SOE project. 

Novell ZENworks 7 provides a powerful imaging framework that 
supports the creation of base and add-on (layered) images. ENGL 


the power of ZENworks 


developed a methodology called Smart Windows Deployment that 

leverages ZENworks imaging capabilities to the fullest. The approach 

is to make the build process as modular as possible. This is important 

for a number of reasons: 

* Maintenance You can update individual components rather than 
one big image. 

* Flexibility The build can easily be tailored and extended. 

* Distribution In multisite environments, only the components that 
change need to be replicated between sites. 


The ENGL Imaging Toolkit consists of three components: Zim, 
Zeoolkit and Zwake. Each addresses a different element of the process 
of automatically deploying Windows across many different hardware 
types throughout your organization. 


> Enhanced Imaging with ENGL Zim 

ENGL Zim provides a front-end interface to the ZENworks Imaging 
Linux environment on the workstation, and lets you configure how 
ZENworks imaging is presented to technicians and end users. Zim 
lets you deliver imaging tasks based on a user's eDirectory identity. It 
simplifies the end-user experience. Zim can also automate manual 


Figure 1 The ENGL Ztoolkit build process is designed to automate the entire 
Windows buil 


d process without manual intervention 
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Figure 2 The Zioolkit Sysprep wrapper simplifies and enhances Microsoft 
Sysprep; it supports the installation of OEM drivers and hotfixes that have been 
delivered using ZENworks add-on images. 
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tasks, such as restoring ZENworks images and ‘hiding’ complex imag- 
ing tasks behind a single menu option. 

Organizations increasingly have a requirement to minimize the 
time involved in deploying or redeploying workstations. The ability 
for anyone to be able to image or reimage a machine means that you 
can reduce the training and deployment costs by using a simple and 
intuitive front end to the imaging environment. 


> Enhanced Windows Deployment with ENGL Ztoolkit 
ENGL Ztoolkit enables complete automation of the Windows 2000 
or XP build process from the point the machine first boots the OS to 
the machine being ready for the end user to log in and begin work. 
Ztoolkit takes care of the following without any manual intervention. 
* computer naming 

» ZENworks workstation registration 

+ Active Directory/Domain registration 

* application delivery 

* customization of the Windows environment. 


Ztoolkit can perform many build tasks that traditionally require exten- 
sive scripting and batch files just by using a single configuration file. 
Combined with ZENworks 7 Desktop Management, you can deliver 
thousands of workstations that are all built to exactly the same standard. 


> Enhanced Lights-out Deployment with ENGL Zwake 
ENGL Zwake is a task-based, lights out scheduler, which extends 
ZENworks Wake-on-LAN (WoL) capabilities. It lets you schedule a 
sequence of imaging-related tasks to perform against target worksta- 
tions. For example, you can select a group of workstation objects in 
eDirectory and specify a start time for tasks. Then Zwake can per- 
forma series of tasks, such as setting the ZENworks “restore image on 
reboot” flag and then sending WoL packets to start the image deploy- 
ment process on those machines. 


Creating the Build Process 

UNIVERSAL BASE IMAGE 

The process of deploying Windows using the ENGL Imaging Toolkit 
starts with the creation of a universal base ZENworks image. 

ENGL recommends that the Universal Image is kept as clean as pos- 
sible so it consists of just the core OS and major service packs. Keeping 
the base image as lean as possible will require minimal maintenance 
when support for new machines is required and applications are added 
or removed. In normal circumstances, the base image will only be 
rebuilt when a major OS service pack is released. Because of the modu- 
lar nature of the ENGL build process, all other SOE components can 
be delivered using ZENworks add-on images or application packages. 


USING ZTOOLKIT BUILD WIZARD 

The Ztoolkit Build Wizard helps you create a Universal Image and guides 
you through the process of defining how Windows will be built and con- 
figured for your SOE. The wizard interface presents each element which 
helps first-time users through the process of Windows deployment. 


The Ztoolkit Build Wizard helps you with several tasks: 

* computer naming 

* regional settings 

+ multilanguage pack installation 

> Novell client installation 

+ ZENworks Management Agent installation 

+ ZENworks Workstation registration and group membership 
+ Active Directory membership and security 

- ZENworks application delivery 

* Windows customization. 


The Ztoolkit build process has four phases and each ends with an 
automated reboot. (SEL FIGURE |.) Each phase performs a series of 
tasks and can interact with eDirectory or Active Directory as required. 


Figure 3 Zdrivers uses device filters to let you extract OEM drivers while 
excluding drivers that are in the Windows base image 
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Figure 4 Zorivers creates a ZENworks add-on image that contains the extracted 
drivers as well as a lookup file that ENGL Zim uses to automatically select and 
restore OEM driver images 
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For security, you can disable the keyboard and mouse (including spe 
cial Windows keys and even the Ctrl-Alt-Delete reboot keys) during 
the build process. You can tailor the build process to always deliver 
your exact requirements. If the machine is turned off during the build 
process, Ztoolkit will begin where it left off when it is restarted. 


> Customizing the Build Process 

The Ztoolkit build process allows you to tailor the Windows environ 

ment to a specific set of SOE requirements. You can call registry 
updates or scripts to make specific changes to the environment before 
and after each individual build phase. For example, it’s common to 
disable balloon pop-up tips in Windows XP during the build process: 
create a phaset-before.reg file with the necessary registry keys and 
update the registry with that .reg file before Phase 1 begins. 

You can also use the included Ztoolkit ActiveX control in build 
process scripts to perform tasks such as LDAP queries, ZENworks 
Image-safe Data (ZISD) queries and Windows customization. A 
common use for the ActiveX control is to retrieve information from 
ZISD that was stored at imaging time. For example, using ENGL 
Zim, you can store location information, such as multilanguage 
requirements, in ZISD that you can then retrieve and use during the 
Windows build process. 

Once you define the build process, the Build Wizard creates all 
the required core components, including the Universal Image cre 
ation process and ZENworks add-on images. After creating the 
base image and build components, you need to address the other 
elements of the automated build. 


> Handling OEM Drivers 

Windows drivers often cause organizations to maintain many differ 
ent images to cater to their different hardware platforms. Remember, 
the Universal Image only contains the base Windows OS; it does not 
contain drivers for the many OEM hardware components that exist 
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across the desktop, laptop and tablet machines where the image will 
be deployed. Many organizations use Microsoft Sysprep (System 
Preparation Tool) in an attempt to separate an image from the under 
lying hardware; however, Sysprep has some driver discovery 
limitations and it does not create a truly portable Universal Image. 

To address these limitations, ENGL Ztoolkit includes a Sysprep 
wrapper that provides more functionality around Sysprep. It includes 
dynamic discovery and validation of drivers during the imaging 
process as well as hotfix installation. (SEE PiGuURE 2.) 


> Creating OEM Driver Add-on Images 

Suppose your organization delivers a new hardware platform into 
your I'T environment. Typically, you'd try to make an existing image 
‘fit’ on the new hardware, or else build a new image for that hardware 
platform. Ztoolkit ships with a driver extraction tool that lets you 
extract OEM drivers from a Windows machine. 

In this scenario, you can take a new hardware platform and let it 
boot and perform the manufacturer's OEM Windows installation. 
Then run the Ztoolkit driver extraction tool, Zdrivers, from a USB 
key or network path. Using the Zdrivers wizard, select the drivers and 
then export them to a directory. It will create a ZENworks add-on 
image that contains all of the drivers for the specific hardware plat 
form. (SEE FIGURES 3 AND 4.) It will name the image using a 
standardized naming convention of ‘drivers-~<vendor--model-.zmg’. 
> Hotfixes 
Patch management is a critical clement in maintaining the stability 
and security of an SOE. Using the ENGL Imaging Toolkit, you can 
build machines with the most current Microsoft hotfixes and apply 
them during the build process. This approach has two key advantages 
over delivering hotfixes after the machine has finished building: 

* Hottfixes are applicd before hardware discovery or, before the 

network card is installed. (Str FIGURE 2.) 
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+ The workstation is secure, stable and useable at the end of the 
build process without applying more patches. 

In addition, you don’t need to modify or re-create the Universal 
Image when new hotfixes are released. You can integrate hotfixes into 
the automated build process by adding the relevant hotfix executable 
to a ZENworks add-on image. 

Once you deploy the machine, ZENworks Patch Management can 
maintain the patch status of the machine until the next time you 
image or replace it. 


> Multilanguage Support 

If your organization is using Windows 2000 or XP, you can localize 
the user interface using Multilingual User Interface (MUI) packs. 
MUI lets you change the user interface language of the OS according 
to the preferences of your individual users. Because the ENGL 
Imaging Toolkit is modular, you can easily integrate and deliver MUI 
packs into the build process on a location-specific basis. 

The Ztoolkit Build Wizard can automatically create the MUI add- 
on images. Use a standard naming convention, such as 
mui--language>.zmg to name your image. A ZENworks application 
object installs the MUI pack during phase 3 of the build process. (Sr 
riGURE |.) You can apply multiple MUI packs if the relevant MUI 
pack image has been restored. You can do this only if the application 
also has a system dependency on a specific MUI language directory. 


> Deployment 

We've discussed how to create a few different modules used in the 
build process. Figure 5 shows the build components and the order 
(bottom to top) in which they will be restored. The deployment 
process will restore the first four image components (the Universal 
Image base image, hotfixes, Novell Components {Novell Client and 
ZENworks Management Agent] and ENGL Ztoolkit Build Process 


add on images) to every machine. 


Figure 7 [he form 
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The last two add-on images will be restored on a per-machine basis using 
environmental information and lookup tables to determine delivery. 


> Image Deployment 

After creating the components of the automated build process, you 
can deliver the relevant images to target workstations in several ways: 
+ manually, from the machine using PXE, CDROM/DVD or USB key 
* automatically, using ZENworks imaging policies 

* lights-out using Wake-on-LAN 


Zim operates in all of these environments and delivers the relevant 
images to the workstation with or without user intervention. You can 
automate the entire imaging process using a BAS] C-like script language. 

For manual imaging, Zim secures ZENworks imaging using an 
LDAP login panel. After authentication, Zim displays an imaging 
menu based on the user's identity. (SEE FIGURE 6.) 

If you have workstations that ZENworks is not managing or if you 
have new hardware, you might need to “touch” those workstations to 
set the initial configuration. Using Zim, set all of the needed configura- 
tions before imaging. Then use them during the build process as 
discussed before. This greatly reduces the “touch time” because you can 
provide all the needed information and then leave the machine to build. 

ENGL Zim forms are one method of gathering build information 
using an easy and intuitive interface. (Si) F1GURI 7.) Once you enter 
the information, Zim processes the information and performs the 
appropriate imaging tasks. 

Launched manually or automatically, Zim can natively retrieve 
information from ZISD, eDirectory (via secure LDAP), the machine's 
BIOS or lookup files. Using this information, the correct images are 
selected and restored to any given machine. 

For example, Zim will restore the OEM driver image that is based 
on the specific model information from the BIOS of the workstation. 
In Figure 4, Zdrivers created a driver add-on image for a DELL 
Latitude D800. Zim retrieves this information and based upon it, 
Zim looks up the relevant add-on images to restore. 


> Conclusion 

Now you know how to develop and deploy a Standard Operating 
Environment using Novell ZENworks 7 and the ENGL Imaging 
Toolkit. Because your organization keeps changing, so will your IT 
requirements. As long as companies develop new software and hard 
ware, your deployments, updates and modifications will never end. 
Deal with it. ENGL gives you an easy way to stay on top of those 
changes and continue to adapt to them while delivering a secure and 
robust SOE. So put your shoes back on and stop counting the various 
configurations in your organization. Just make the images and let 


ZENworks and ENGL do the rest. N 


At A Glance 


The Three ENGL Components point the machine first boots the | 
OS to the machine being ready 
for the end user to log in and 


begin work. 


ENGL Zim is a front-end interface 
to the ZENworks Imaging Linux 
environment on the workstation. It 
lets you configure how ZENworks 
imaging is presented to 
technicians and end users. 


ENGL Zwake is a task-based, 
lights-out scheduler, which 
extends ZENworks Wake-on-LAN 
(WoL) capabilities. It lets you 
schedule a sequence of imaging- 
related tasks to perform against 
target workstations. 


ENGL Ztoolkit lets you automate 
the entire build process of 
Windows 2000 or XP from the 
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Could there be a better tool? 


GroupWise 7 Monitor 
By Danita Zanré 
he Monitor for Novell GroupWise > has some cool new 


features. Let’s take a look at a few tips so you can get the 
most out of the improvements. For the tips in this article, 


I'l assume you have installed and configured a working copy of 


Monitor. These tips will help you with some of the features that are 
new to Monitor for GroupWise > (For more information on how 
to set up and configure Monitor, 
europe 05 presentations tut239.pdf.) 


see novell.com/brainshare 


> New Feature Tip 1: Gateway Accounting Log Report 
Gateways such as the GWA and Asyne Gateway can send you 
accounting logs cach night to provide information on what mail is 
passing irangh them. This information ts inan ASCH delimited text 
file that can be manipulated with various third party tools. Starting 
with GroupWise >, you can now get reports on your gateway account 
ing logs dircetly from Monitor; however, to do so requires some 
configuration. ‘To make sure your Monitor will receive the account 
log reports, take the f following steps. 

First, make sure your Monitor has an MTP port set for “listening” 
to other MTAs. If you have enabled Performance ‘Testing for your 
GroupWise Monitor, you're already done with Step 1. These steps 


Figure 1 GroupWise Monitor Performance Testing and Gateway Accounting 
require an External Domain for communication with your GroupWise System 


{@ Create External GroupWise Domain 


Domain name: 


JExternalMonitor 
Domain Database Location (optional): 


Poet Deebase 2eatn erfeney 


Time Zone: 
(GMT-07:00) Mountain Time (US & Canada) 


Version: 


ha 


Link To Domain: 


[Caledonia Md ] 


re 


domain in your system v 


comprise the same procedure that enables the MTP link for 
Performance Testing for all versions of GroupWise Monitor. If you 
have already completed this task, jump to Step 2 


1 ‘Take the following steps to set up Monitor to listen on an MTP port: 
A In ConsoleOne, create an External GroupWise domain for the 
Monitor Agent. In our example, it will be “External Monitor.” 
Set this domain version as “>,” and link through a convenient 

domain. (SEE FIGURE 1.) 

B Choose an MTP port for your Monitor Agent. It is best to 
NOT make this port ~100, as you might later choose to put an 
MTA on the same server, and forget that Monitor has taken 
that port. I've chosen port 7103 for our Monitor agent. 

© Inthe Link Configuration for the domain designated in Step 1 
for the “link through” domain, change the Monitor \gent 
domain’s link to TCPIP and enter the IP address and port (in 
our case 103) for the Monitor Agent. 

p Go to the Monitor Agent Console. In this example. we'll use 
the Web Console because it is valid for both the Windows and 
Linux Agents, and with GroupWise 
preferred point of access for Monitor administration. To get to 


- it has become the 


GroupWise Monitor External Domain is linked to another 
ia a direct TCP/IP link 


Figure 2 /he 


KB Edit Domain Link 


Description: How Caledonia connects to ExternalMonitor 
Direct = 


/ Settings a 


Link Type: 


| Pratocot: ropa ¥ j 
\ | IP Address: {1 92.168.100.237 : 7103 


\ 
1 Override 


| 


Scheduling... 


| Maximum send message size: 4 MBytes 
Delay message size: >| Meytes 


i Transfer Pull Info... | External Link Into... | 
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The new Trends reporting feature helps you build various 
graphs showing trends for your agents. 


You can now also have a map of your system outlining where your agents 
: are and their states so you have an up-to-date status of your system ina 
visual format that you can display on a large monitor in your IT center. 


the Monitor Agent Web Console, go to 
http://yourmonitoragent:8200. For example, enter the 
following URL in your Web browser address field: 
http://192.168.100.237:8200. 

rE Click on Preferences, and scroll down to the MTP settings. 
Enter your IP port here, which is 7103 in our example. 
(SEE FIGURE 2.) 

F Restart your Monitor Agent to make certain the settings 
become effective. The MTA for your “link through” agent 
should show the ExternalMonitor domain as Open. 

2 Create a post office and user for your Monitor Agent so the 
accounting logs can be delivered: 

A With your new ExternalMonitor domain selected in 
ConsoleOne, right-click and choose New | External Post 
Office. Let’s name our post office ExternalPO. 

B Now right click on the ExternalPO object and choose New 


External User. Let’s name our External User “GWMONUser.” 


3 Once you have completed these steps, configure your accounting 
logs to be forwarded to the GWMON User. At present, you can’t 
select an external user as a gateway accountant. Thus, you must 
have your current gateway accounting user forward the account- 
ing logs to the Monitor user. 

A Verify that you have a Gateway Administrator who is an 
Accountant. In ConsoleOne, select each gateway for which you 
want to have accounting logs. Edit the properties of the gateway, 
and under Groupwise | Gateway Administrators tab, verify you 
have a user listed as an Accountant, or add a user if you do not. 

B In the mailbox for the user who is your gateway accountant, 
create a rule to forward all gateway accounting logs to the 
GWMONUseer. (Sib PiGu ke 3.) Note that this rule sends all 
messages with the subject of “Accounting Data File” to the 
Monitor Agent. GWIA logs are sent with a subject of “Agent 
Accounting Data File.” Other older agents, such as the Asyne 
Gateway, might have “Gateway Accounting Data File” as the 


Figure 3 Agent Accounting Logs are forwarded to the GroupWise 
Monitor user via a rule in the GroupWise client 


Edit Rule 


Rule name: [Accounting are 
When event is a —— 
Anditems are: (Z]Received [Sent [Posted [J Draft 
Wicenenoneane (Optional) ss—xeaacdac be cee eS eek 

Item types: Define Conditions... 

(Mail 
(Appointment 
CTask 
(Reminder note 
([] Phone message 


Appointment conflict exists: | Does not matter {Yes ot No} 
Then actions are... 


Figure 4 One of the many monitor reports is the Gateway Accounting 
User Log Stats report 


Status | Preferences | Link Trace | Link Configuration | Reports | Log | Map 
Environment | User Traffic | Link Traffic | Message Tracking | Performance Testing | Connected Users | Gateway Accounting | Trends | Down Time 


sensi 1222 
24296957 

Hit94e46a 812 
12369073 
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The reports provide a lot of useful 
information, for example, log stats per 
user, log stats per domain and 
individual user stats. 


subject line for the e-mail. This particular rule will trigger 
either type of accounting log file you receive. 

c Now, each night when the gateway sends the accounting log to 
the accountant, the accountant will forward that log on to 
GroupWise Monitor. 


To view the accounting logs from the Monitor Web Console (See 

Step I.d), choose Reports and click on Gateway Accounting. From 

there, you can choose which agents for which you want to see the logs. 
The reports provide a lot of useful information. For example: 

+ Log Stats per User shows a list of users and the number of messages 
and total size of messages passing through the gateway. 
(SEE FIGURE 4.) 

+ Log Stats per Domain shows what domains you are receiving from 
and sending to. 

+ Individual User Stats shows the individual pieces of e-mail that are 
passing through the gateway for a particular user. 


Figure 5 You can build many custom trend reports in GroupWise Monitor to 
gather statistics on your system 


Inverness.GWIA 
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> New Feature Tip 2: Trends Reporting 

The new Trends reporting feature, found in the Monitor Web 
Console Reports, allows you to build various graphs showing trends 
for your agents. We will show one example for a GWIA report. 


Click on Reports | Trends from the Monitor Web Console. 

At the Trends page, click on GWIA and enter a report name in 
the Trend Name field, and check the following items: 

A gwiasmtpdConnectionRefused 

B gwiasmtpQueueSend 

© gwiasmtpQueueReceive 

3 Click Add Trend at the bottom. You can now view this trend by 
clicking the Trend name at the top of this window. Figure 5 shows 
the resultant graphs for this particular trend. 


| 
Z 


You can build a trend report for any of the MIB 
values that Monitor tracks; your resultant grap 
seem almost endless! 


hs will 


> New Feature Tip 3: System Map 

Another new feature of GroupWise 7 Monitor is the ability to have a 
map of your system outlining where your agents are, and the state of 
agents in the map. This allows you to have an up-to-date status of 
your system ina visual format that you might have on a large monitor 
in your IT center. You can use any type of map in .png or .jpg format. 
To create your map settings, take the following steps: 


| Find or create maps of your office, campus, region or country, 

and copy them into the maps subdirectory of the monwork direc- 

tory. This will be in one of two folders: 

A /tmp/gwmon/monwork for Linux 

B c:\gwmon\monwork for Windows. 

In the Monitor Agent Web Console, click Map | New. (Note: This 

is not available in the Windows Console; you must do this from the 

Monitor Agent Web Console.) 

3. Click the map you want to set up. Then specify a name for the 
map, and click Create. 

4+ Select an agent you want to include on this map in the drop-down 
list. Then click the place on the map where that agent is located. 
The agent name appears ina blue box. 

5 Select additional agents and locations as needed by following the 
preceding steps. 

6 Inthe Line Color drop down list, select a color to show down 

links between locations. Make sure you select a color that shows 

up well on the particular map. This will determine the color of 

line that will appear on the map when the link between these 

agents is down. 

Once your map includes all the needed GroupWise agents in their 

respective locations, click Done. 


i) 


Once you have created your map, you can view it as follows: 

| In the Monitor Agent Web console, click Map | View. 

2 Click a map to view agent status. 

3 At this point, the Monitor Agent checks the status of each agent 
on the map. Any agent that is down or that has a status of Major 
or Critical, displays in red on the map. Agents with statuses of 
Warning or lower do not display on the map. If a link between 
agents is down, a line displays between them. N 
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MARKET- 
START 


MySQL Network 


All-in-One Enterprise-Grade Database, Support and Services 


na recent CIO Insight survey, a resounding 81 percent of 
respondents say they have deployed or are considering deploy- 
ing an open source system or application. In addition, 72 
percent report plans to expand their use of open source within the 
next 12 months. Cost reduction is the top reason for moving to open 
systems, but organizations still have many questions about imple- 
menting open source products for their business critical applications: 
- How do I get technical support? 
+ Are open source products stable and mature? 
+ What version of the product should I use? 
* Have security vulnerabilities been addressed? 


> MySQL Network: Save Time and Effort 

MySQL Network answers these questions by providing a comprehen- 
sive set of enterprise-grade software, support and proactive services to 
ensure the highest levels of reliability, security and uptime. Once you 
try MySQL Network, you'll realize that it is the smart choice for low- 
cost, highly reliable, enterprise database-driven applications. 


> 24x7 Production Support Available 
from Novell and MySQL 


MySQL Network includes 24x7 technical support services that ensure 

your production database applications are always available. MySQL 

Network gives you the flexibility to choose the service level that match- 

es your requirements through Silver, Gold and Platinum offerings. 

MySQL Network Platinum provides enterprise organizations: 

* 24x7 telephone and Web access to the Novell and MySQL 
support teams 

* emergency-response times of less than 30 minutes 

* an unlimited number of support incidents 

* consultative support including performance tuning 

* proactive account management 


By offering direct access to the MySQL support team, you can be 
assured that MySQL experts are available when you need them. The 
MySQL support team is composed of database experts who understand 
the issues and challenges you face because they've overcome the same 
challenges themselves. MySQL will find a fix to your problems fast. 


> Certified Software Improves Reliability and Uptime 
The MySQL Pro Certified Server enables you to deliver high-per- 
formance and scalable business systems. It virtually eliminates the 


Figure 1 7he Update Advisor helps you stay up to date with MySQL 
releases. Based on your profile, you get alerts when there's an update 
relevant to what you are using 


User: Andy Bang 


Figure 2 The MySQL KnowledgeBase provides a comprehensive library of 
hundreds of technical articles resolving difficult problems on popular database 
topics. A centralized repository, it eliminates time-consuming browsing and 
reading often-unrelated information in mailing lists and newsgroups 


User: Andy Bang 


arch Knowledge Base 


# you stay up-to-date with MySQL releases. Based on the profile you specify - j 
Fes an update relevant to what you are using, Press and hold the Ctrl key to sel (Ge) 


MYSQL Network 0. I-dev 
[Copyright (<) 2008-2005 wrS0¢ AB. 


tiple MySQL servers on one system? 


Search Again 


There are just a few steps necessary to set up multiple servers on one system, First, the 
configuration file for MySQL will need to be adjusted. A separate group of options will need to be | 
entered for each server, At a minimum, each server should be assigned a unique TCP/IP port and 
elther a different socket file for Unix systems or a different pipe for Windows systems 


Server groups for multiple servers In the configuration file are identified by a aysqld prefix 


'd Topi 
followed by a number suffix. For instance, the first server might be identified by a group heading | Related Topics 


like [mysaldi J, you could start with o or some other number. The second server could be ° Baa 
[mysqld2]. The numbers don't have to be sequential, per se. Numbers may be skipped. All of the 
‘options that can be given for a [nysald] group may be given to any additional server. This allows || External Resources 
you to change server options to meet any special requirements that may be needed for a | Degunentation-on mvgnid mkt 
database. Below are the contents from @ vetc’ay cnt file that is configured for three servers | © Qocumentation on configuring server 
This file might be c \ny cnt OF c:\windows\ny ini on a Windows server, | 
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To learn more about how you can benefit from 
MySQL Network, go to novel/.com/mysql. 


; uncertainty of which version of MySQL to deploy, and it 
reduces the time-consuming testing process required to ver 
: ify the most appropriate version. The MySQL Pro 
M S QL Certified Server has gone through rigorous testing using 
Lj * commercial and open source testing tools. MySQL certified 
software focuses on stability, reliability and security to meet 
the business needs of enterprise customers. 
It is: 
* ready for enterprise deployment 
+ proven to be stable, reliable and mature 
* tested using extensive test suites for Regression, Benchmark and Boundary conditions, 
including third-party test suites from Coverity and Kloework 
+ tested for known security vulnerabilities 
+ distributed using Native Package Managers on more than 10 platforms. 


> Update Advisor 

The MySQL Update Advisor keeps you informed of MySQL product updates to help you 
quickly determine which version to use. (SUE FIGURE 1.) Asa MySQL Network customer you 
will automatically receive all MySQL maintenance, updates and major upgrades, so you can 
always run the most current version of MySQL. In addition, the Update Advisor notifies you 
of issues and security alerts before they impact your system. It is also customizable so you 
receive alerts based on platform, software used and more. 


> Technical Alert Advisor 

The MySQL Technical Alert Advisor keeps you informed of security alerts or other issues 
that can impact your MySQL production servers. The Technical Alert Advisor helps you eas- 
ily maintain a secure and reliable MySQL infrastructure. Alerts can be sent to you via e-mail, 
pager or SMS messages. 


> Comprehensive KnowledgeBase Provides Fast Answers 
The MySQL KnowledgeBase provides a comprehensive library of hundreds of technical 
articles resolving difficult problems on popular database topics such as performance, repli 
cation and migration. (SEE FIGURE 2.) The KnowledgeBase is a centralized repository that 
eliminates time-consuming browsing and reading of often-unrelated information in mail 
ing lists and newsgroups. It provides you: 
+ fast, accurate answers when you need them most 
+ a fully categorized, indexed and searchable repository of technical articles 
- hundreds of articles including information on MyISAM, JDBC, InnoDB, ODBC, 
Performance, Security, Replication, Migration and more 
information on the latest features of MySQL 5.0, such as using stored 
procedures, triggers and views 
+ best practices, problem resolutions and how-to articles written and 

reviewed by MySQL engineers 


+ a fully integrated environment with MySQL production support. 


> Learn More About MySQL Network and Get It Now From Novell! 

Contact your Novell representative today to learn how you can run your applications with 
MySQL and modernize your business with open source! Call 1-800-529-3400 or visit 
novell.com/mysql. N 


Achieve the 
Highest Levels 
of Reliability, 
Security 
and Uptime 


MySQL Network 
by Novell 


MySQL Network delivers everything you 
need in a unified offering so you can cost- 
effectively develop, deploy, and maintain 


enterprise database applications. 


Eliminate problems before they occur 
with a set of proactive Advisors 


Improve application reliability and 
uptime by using Certified Software 


Find tips and answers to common 
questions faster using a technical 
Knowledge Base 


Solve your unique application issues 
quickly with direct access to MySQL 
Support technicians at Novell 


Learn more by going to: 


MySQvc: 


The world’s most popular open source database 
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Pentaho 


The Open Source Business Intelligence Solution 


usiness Intelligence (BI) has been one of the hottest seg- 

ments in enterprise software during the last five years. 

Estimated at more than US$11 billion by IDC, the BI 
market continues to grow and evolve from a “nice-to-have” technol- 
ogy to a mission-critical requirement in any competitive business 
environment. This market has grown based on a proven track record 
of customer value and ROI. Today, most organizations view BI as a 
low-risk investment that offers more value from existing information 
and systems already in place. The recent attention paid by large soft- 
ware companies such as Oracle, Microsoft and SAP validate the 
significant future opportunity of the BI market. 

While BI is a mature market, it continues to evolve rapidly. 
Established BI vendors face numerous challenges in retaining mar- 
ket share over time. BI has become an expensive and complex 
technology, and in many cases, developed in a way that counters to 
prevailing IT trends. Organizations are looking for flexibility, open 
standards, better value for their IT dollar, and modular and service- 
oriented architectures. Traditional BI vendors are delivering 
complex, monolithic suites that are expensive to acquire, integrate 
and deploy. BI is a market ripe for a disruptive technology and busi 
ness-model driven change. 


> The Pentaho Business Intelligence Project 

The Pentaho Business Intelligence Project is an ongoing effort by the 
open source community to provide organizations with best-in-class 
solutions for their enterprise BI needs. On December 20, 2005, 
Pentaho delivered its first open source release for general availability, 
delivering capabilities for reporting, analysis, dashboards and a BI 
platform. This is a positive disruptive event for the BI industry, rep- 
resenting the first comprehensive BI suite available via a commercial 
open source model. 


> Where does Pentaho Fit In? 

Pentaho Corporation is the professional open source company that 
centrally facilitates and manages this process. Pentaho also provides 
comprehensive technical support, release management, quality assur- 
ance and commercial extensions to open source products. 


> The Pentaho Business Intelligence Platform 

The Pentaho Business Intelligence Platform is an enterprise-class Bl 
solution that improves the efficiency and effectiveness of an organiza 

tion by deploying a comprehensive set of BI capabilities including 
reporting, analysis, dashboarding, data mining and workflow. 


Figure 1 Dashboards provide immediate insight into an organization's Key 
Performance Indicators and allow employees at all levels to share a 
common view of organizational performance 
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Figure 2 The Pentaho Bi Platform delivers end user capabilities on a common 
technology foundation, providing centralized security and integration, report 
scheduling and workflow on a scalable, standards-based architecture 
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@ pentaho: 


open source business intelligence” 


By providing a comprehensive platform that 
spans multiple end user needs, the Pentaho 
BI Platform helps avoid departmental infor 
mation stovepipes, and enables IT to 
address end user requirements without the 
time and expense of supporting multiple dis 
parate tools, technologies and platforms. 
From an end user perspective, a common 
platform facilitates easier sharing of infor- 
mation, one version of the truth, 
fact-based decision making. 

Finally, the Pentaho BI Platform uniquely 
integrates with and supports an organiza- 
tion’s business processes. Standards-based 
workflow is at the heart of the Pentaho BI 
Platform, orchestrating processes within the 
BI environment, as well as linking to external 
business processes to ensure relevant BI con 
tent is delivered to support and improve 
operational business processes. 


an d 


TECHNOLOGY HIGHLIGHTS 
* supports J2EE compliant application 
servers for enterprise scalability 

* provides Web Services 
based access to all 
components 

+ provides XML definitions for 
all content to enable creation 
and modification by means 
other than the graphical user 
interfaces provided, for example, 
manually or programmatically 
editing the XML 

* uses a common repository providing 
server-based storage and management 


> Comprehensive Business 
Intelligence Capabilities 

REPORTING 

Pentaho delivers reporting capabilities to sup- 
port any reporting need, from operational 
reports and invoices to rich, graphical, analytical 
reports showing trends over time. “Bursting” 
support allows large numbers of reports to be 
securely and sealalily delivered to thousands of 
users in a choice of formats, including HTML, 


Adobe PDF or Microsoft Excel. 


1NALYSIS 

Pentaho also provides sophisticated, interac 

tive analytical capabilities, allowing end users 
to interactively explore information, uncov 

ering opportunities and exploring root 
causes. The system provides a “dimensional” 
view of the data so business users can analyze 
data by product line, geography, business unit, 
time period or other dimensions of analysis. 
Analysis from Pentaho provides high per 

formance, even against very large data sets. 


DASHBOARDS 

Dashboards provide immediate insight into 
an organization's Key — Performance 
Indicators (KPIs), allowing employees at any 
level to share a common view of organiza- 
tional performance. Dashboards help align 
employees to a common set of metrics, tai 
lored to their roles and responsibilities, and 
can easily link to underlying reports and 
analysis for supporting details. 


BI Platform 

The Pentaho BI Platform delivers end user 
capabilities on a common technology foun 
dation, providing centralized security and 
integration, report scheduling and workflow 
on a scalable, standards-based architecture. 
The Pentaho BI Platform makes it easy for 
organizations to integrate actionable busi 
ness intelligence with operational processes, 
ultimately improving their performance. 


Experienced Team 


Founded by industry leaders: The core proj 


Get a Free Vacation 


Year after year your customers keep 


paying top dollar for their BI solution, 
only to send one of “The Other Guys” 


sales reps ona big vacation. 


Things have changed. Now you can address your 


customers’ BI needs for 80% less than proprietary 


solutions and put the savings to work where they 


need it most: hardware, training, or services. Who 


knows, 


Vv 


maybe they'll send you on the that big 


vacation instead. 


Visit www.pentaho.org/ download for the 


latest version, and be sure to register so you can 


Cc 


ontribute to the software that’s changing 


business intelligence. 


Go ahead, get your feet wet. The water feels Sau 


— 
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+ includes security and compliance 
features such as role-based security, 
business rules and logging 

+ supports Java single sign-on/JOSSO 
and LDAP to integrate with existing 
enterprise security. 


platform free to everyone. N 


For more information 

Web: pentaho.org 

e-mail: communityconnection@pentaho.org 
Phone: +1 407-812-OPEN (6736) 


Reporting, Analysis, 


* aan 


“7 source business intelligence 
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*No vacation / trip will be paid for by Pentaho or its affiliates. Use the 
money you save by using Pentaho instead of BI from “The Other Guys.” 
Come on, we're open source. Visit www. pentaho.org for product info. 
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TRAINING- 
DAY. 


Secure Your Open Enterprise. 


Trusted Access. Plain and Simple. 


n today’s environment, businesses and governments must 
make their systems more open and accessible while maintain 
ing security and control at the same time. Novell Identity 
Manager 3 can help. 
Novell Identity Manager 3 provides simplified, seamless Web 
access for all customers, partners and employees based on open stan- 
dards for a secure and agile enterprise. 


Attend a Novell training course and discover how Novell 
identity Manager can help maximize your business. 


Novell offers training for your area of focus and level of expertise. 
Check the diagram below to see what type of training is best for you. 


> Novell Identity Manager 3 Fundamentals (Course 3065) 
This instructor-led course covers the basic concepts of Novell 
Identity Manager 3 by installing and using the product with few 
configuration changes. Students work with Open Enterprise Server 
on three server operating systems: NetWare, Linux and Windows 
2004 server, to synchronize data and passwords between eDirectory 
and Active Directory. As an introductory course for Identity 
Manager, students taking this course should be familiar with 
eDirectory and related tools, such as iManager. Identity Manager 
experience is not required. 


> Advanced Technical Training: Novell Identity Manager (2/3) 
In this course, participants learn to use Novell Identity Manager 3 to 
accelerate the flow of information throughout an organization; 
enhance efficiency by removing the barriers between applications, data 
stores and network platforms; and (leveraging Novell eDirectory) cre 
ate Novell Identity Manager policies that automatically distribute new 
and updated identity information within an environment. 


> ATT Online: Novell Identity Manager 2 

to Novell Identity Manager 3 Update 

This four-hour, interactive online course taught by a live instructor 
helps you understand what's new in Novell Identity Manger 3 and 
what the important changes are from Novell Identity Manager 2 by 
leveraging your preexisting knowledge and advanced experience with 
Novell Identity Manager 2. 


> Advanced Technical Training: Provisioning Module for 
Novell Identity Manager 3 

The new add-on Provisioning Module for Novell Identity Manager 3 
makes it easier for users to request resources, delegate approvals and 
administration, and use proxies to manage their own access needs. 
This course dives right into the advanced technical heart of the 
Provisioning Module so you can get your enterprise using this valu 
able solution immediately. N 


New to Novell 
Identity Manager 3 


4 


Training Course: 
Novell Identity Manager 3 Fundamentals 
Course 3065 


Advanced Technical Training: 
Novell Identity Manager 2 and 3 


Advanced Technical Training: ATT Online: 
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Introducing SUSE. Linux Enterprise 10 from Novell... Built by a global community and 
secured, supported, tested and proven by Novell. From the desktop to the data center, SUSE Linux 
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to get ahead in the 


world. Are ae etting 


left behind in the IT 
world? Has your IT 


strategy ever changed? 
You need a stronger IT 
to survive today. 
So what will make your 
IT strategy soar? The 
answer is simple. Open 
source. But now you also 
know why. And it’s not 


strate 


just about the money. 


BY GUY SMITH 


2 rid QUARTER/2006 


Novell Connection Magazine 


THIRD QUARTER 2006 voLUME 17 NUMBER 3 


Departments 


04 


06 


64 


68 


72 


74 


LEAD OFF 
It’s Time! 
BY RON HOVSEPIAN 


BOTTOM LINE 

Plug In to the Hot Benefits of 
Open Source 

It's Not Just About Money 

BY GUY SMITH 


PROOF POINT 
Stonebridge Bank 
Security Without Breaking 
the Bank 

BY LIZ TANNER 


TREND TALK 

Novell Open Audio 
Podcasting to the People 
BY NATHAN CONGER 


FINE PRINT 

How’s Your Memory? 
The Don’t-Call Defrag 
BY KATHRYN JENKINS 


MARKET START 
VoiceRD 


MARKET START 
Anatomy of an Open Enterprise 
BY TODD SWENSEN 


Online 


Part 9 of 9 

Got Skills? 

Bridging them to Linux 
BY KENDRA DALIN 


Laura Chappell’s Animated Article 
Wireshark (formerly Ethereal) 


Tech Talk 


12 


22 


30 


36 


42 


48 


54 


58 


We Have Opened the Box 
Mind-bending Innovation and 
Usability in Open Source Apps 
BY NATHAN CONGER 


Enjoy the Sensation 

Open Source Apps 

Used by Novell 

BY SHERYL KEMPTON & CHERYL WILLIAMS 


UP:GRADED 
OpenOffice.org 2.0 
This Sequel is Better 
BY TONIA CONGER 


You’re Secure 

Distributing AppArmor 
Security Profiles 

BY DAVID DREWELOW & FRANK REGO 


Bowled Over 

The New Novell 

Open Workgroup Suite 
BY MICHAEL WILKINSON 


Shelf Life 

ne ITIL Best Practices with 
ZENworks Asset Management 

BY STEVE DUSCHEID & RANDY BRITTON 


Riding High 

Easing the Pain of Software 
License Compliance 

BY RANDY BRITTON 


Drag n’ Drop 

Novell Designer 

Visually Designing Identity Policies 
BY JEFF HARRIS 


Copyright 2006 © Novell Inc 


Novell Connection Magazine 


Publisher McKay Brown 
Editor-in-Chief Eric Schetselaar 
Creative Director David Groom 
Associate Editors Angie Kirk, Janice Hill 
Art Director David Meredith 
Webmaster Stacey Johnson 
Contributing Editors 
Randy Britton, Nathan Conger Steve DuScheid, Jeff Harris, Kathryn Jenkins Guy Smith, Todd Swensen, Liz Tanner 
Tonia Conger, David Drewelow Sheryl Kempton, Frank Rego Michael Wilkinson, Chery! Williams 


Advertising Manager Steve Branda 


Novell, Chief Marketing Officer John Dragoon Novell, VP of Corporate Communications Phil Julianno 


33-7960) IS PUBLISHED BY NOVELL, INC. FOUR TIMES A YEAR 
AH AND AT ADDITIONAL MAILING OFFICES 


NOVELL CONNECTION MAGAZINE (USPS 014-831) (ISSN 4! 
1800 S NOVELL PLACE, PROVO, UTAH 84606-6101. PERIODICALS POSTAGE PAID AT PROVO. U 
TO SUBSCRIBE OR MAKE ADDRESS CHANGES PLEASE VISIT. NOVELL 
ANNUAL SUBSCRIPTION COST FOR INTERNATIONAL SHI 
ALLOW 8 WEEKS FOR SUBSCRIPTION TO BEGIN, COPYRIGHT © 2006 BY NOVELL, INC. NOVELL IS A REG 
40698003, RETURN UNDELIVERABLE CANADA ADDRESS TO: STATION A, PO BOX 54, WINDSOR ON, N9A 65, CPCRETURNS@WDSMAIL,.COM 
POSTMASTER: SEND ADDRESS CHANGES TO NOVELL CONNECTION MAGAZINE, 1800 S NOVELL PL, PROVO, UTAH 84606-6101 


Multi-server management from a single screen 
AdRem Server Manager 5.0 


Key features: 

Monitor performance graphs of multiple NetWare servers 

in a single screen - new! 

Create logical groups of servers for easier management ~ new! 
Analyze comparative historical trends - new! 


Monitor and manage user activity, including disk space quotas, 
open files,and disk usage by users 


Schedule cross-server tasks (NLMs updates, distribution of files 
or console commands) 


Manage files (advanced searching, file salvaging/purging) 
Administer trustee rights (trustee backup/restore) 


Quickly access, compare, and modify all SET variables, 
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software 


If you ve been putting it off... 


Linux and open source. 
It’s a big slg right now 
in our world; and it’s 
getting bigger. So, if 
you’re concerned with 
moving your business 
forward, it’s time you 
really take a serious 
look at how open 
source software can 
improve your business. 
Besides saving your 
bottom line a few bucks, 
it could mean a host of 
other benefits for your 
company. It has for ours. 
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How many times have we heard that we should adopt Linux and open source solutions because 
they usually cost less than proprietary solutions? Yes, the relatively low acquisition cost is still 
a big issue that can ultimately benefit your bottom line. But it’s not the only — or even the most 
important factor anymore in why many CxQOs choose to run open source. In fact, 500 senior 
IT executives said, ina recent study conducted by Chadwick, Martin & Bailey, that their top 
decision criteria for choosing Linux and open source were reliability, security and performance. 
Cost, while still important, was fourth on the list. There's a long list of reasons how your busi- 
ness will benefit by implementing open source solutions in the areas where it fits best. 

Granted, not every user in your company can, or should, move to Linux — yet. But it just 
makes sense to migrate certain users to an open platform with open source solutions. With 
Novell as your partner, it’s easier to not only decide which users can, and should, be on an 
open platform, but also how to get them there. 

In Plug In to the Hot Benefits of Open Source. you'll get a taste of why open source makes 
more than just “cents” and how you can put those benefits to work in your organization. We 
explain how and why. 

Further, we show you some of those open source solutions Novell uses internally and explain 
how we've implemented them in our own organization. Read the details in Enjoy the Sensation! 

As you know, Novell just released a new enterprise platform that can help your business: 
SUSE Linux Enterprise 10. We include several open source solutions in both the server and 
desktop versions of this new platform, but we take a closer look at the desktop in this issue. 
Read about many of the solutions included in SUSE Linux Enterprise Desktop 10 and how 
they can help your users become more efficient every day in We Have Opened the Box. 

Also take a closer look at arguably one of the most important open source projects that is 
a “must” for your world and throughout your enterprise: OpenOffice.org 2.0 and the Novell 
edition included in SUSE Linux Enterprise Desktop 10. Learn why you should be deploying 
it throughout your enterprise in UP:GRADED. 

And staying with an open source theme, Youre Secure shows you how to deploy to all your 
servers one of the many open source projects for which Novell is responsible: AppArmor. It’s 
a unique profile-based application-security solution you shouldn’t be living without on your 
Linux servers and desktops. 

Now is the time; if you haven't already, to take a look at the open source solutions out there. 
Novell stands ready to help you implement the right mix of open source and proprietary soft- 
ware based on open standards that works for your organization. Building your business with 
open source solutions as a key component will provide a reliable, secure, scalable and low cost 
technology platform and give you the competitive advantage you need to thrive. 

As always, we love to hear from you. Let us know what's on your mind or if you have feed 
back for us. Send e-mail to editor@novell.com. Enjoy this issue of Novell Connection. 


Ron Hovsepian 
PRESIDENT & CEO, NOVELL INC. 


a Bund 


by doing very lttle.. 


wireless platform ~ BlackBerry® Enterprise Solution™ v4. 
GroupWise®. Now you can empower your mobile users wi 
phone, Internet, enterprise instant messaging, organizer < 
enterprise data.’ Your IT department will appreciate the e 
administration tools, including centralized control of wire 


ave your company 


le 


for Novell® 
th access to email, 
pplications and 
hanced 
ess devices in a 


secure, scalable and flexible architecture. Get more of you 
up and running with the Quick Start Offer. 


or third party products and/or services for access to corporate ap, s. Prior tos 2 to or imple! 
services. Installation and use of third party products a 
are required 


party so 


relation to the third party products or services and RIM assumes no liability whatsoever in relation to the 


©2006 Research In Motion Limited. All rights reserved. The 
and Trademark Office and may be pending or registered in oth 


kBerry and RIM families of related m 
untries. Ail other brands, produ 


ks, im 


r mobile workers 


M's products and services may require one or more patent, trademark or copyright li 
;. To the extent that such intellectual property licenses may be required, RIM expres: 


products or servic 


thir 


rends 
y third party p 


ty products and services even if RIM has been advised of the possibility of such damages or can anticipate such damages. **North American customers only 


lusive properties and trademarks of Research In Motion Limited, RIM, Research In Motion, ‘Always On, Always Connet 
and service marks are the properties of their respective owners. 


The Extraordinary Quick Start Offer for Novell GroupWise 


There's never been a better time to extend the mobile power of the leading 


What's in the Quick Start Offer? 


BlackBerry Enterprise Server™, five Client 
Access Licenses and two months of tech 
support , all for free! 


Visit 


today! 


right onsible tor determining whether such third party licenses 
until all such applicable licens ve been acquired by you or on your behalf. Yo f third 


tee 


entation. warranty o! 


ed’ and BlackBerry are registered with the U.S. Patent 
ications and features contained in this document are subject to change without notice. 


BOTTOM- 
LINE 


in to the Hot Benefits of Open Source— 


Plug 
It's Not Just About Saving Money 
By Guy Smith 


pen source is an IT strategy, creating greater business 

functionality and agility. How can open source bring 

long-term benefits to your organization? Most people 
think— incorrectly, that is—that the only reason to use open source is 
because of the generally low cost. Although that’s a reason—a very 
valid and important one—it’s not the only reason, and arguably not 
even the most important one. Let’s walk through some of the other 
reasons other CxOs are pushing for more adoption of open source 
technologies in their companies. 

‘To start, consider these types of scenarios: 

They did not write the application, but it was the heart and soul of 
their 250-person company. They needed a tiny change that, if it exist 
ed, would significantly streamline their internal processes, adding two 
percent to their gross margins. 

They didn’t beg their vendor for the new feature. They didn’t wait 
years for it to appear. They didn’t hire expensive consultants to engi- 
neer a kludgy work around. And yet they had the new feature about two 
days after it was conceived. One of their five-member IT staff wrote 
the enhancement, adding it directly into the product, and assured that 
the change would appear in all future versions of the product. 

As I noted in my analysis of Linux (see What CxOs Think About 
Linux in the September 2004 issue or online at zovell com/connection 
magazine/2004/09/bottom_line.html), CxOs see open source as a 
strategic element in their IT shops, with benefits far beyond saving a 
little budget. Open source utilities and applications offer strategic 
benefits that bring real and recurring business advantages. 

To understand these advantages, we must note that IT has a well- 
defined mission, which is: 

Automate business processes ... 

... to gain competitive advantage ... 

... without spending all the profits. 

Like all software, a well-selected open source tool automates 
processes and creates competitive value for your company. The open 
source difference lies in where proprietary software has erected 
obstacles to creating more competitive business advantages for you. 
Some areas where CIOs have encountered limits with proprietary 
software include: 

Unresponsive vendors who cannot, or will not add necessary features 

Slow response to bugs that disrupt business processes 
* Vendors who exit a line of business and do not continue to 

enhance a product 

Competitive issues that prevent interoperation and 

integration of products 

Inability of vendors to support regulatory certifications 

Lack of access to decision makers and developers in a 

vendor organization 
* Adverse licensing contracts that slow or prevent expanding the 

potential value of vendor software 

Security exceptions that create financial loss and legal liability 
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Open source tends to be free of these limitations, and thus grants [T 
a sophisticated set of strategic advantages. Open source also has some 
unique attributes that help create competitive value for you that 
would not otherwise exist. 

Let’s explore how some IT’ shops are besting their competitors 
using open source products and development methodologies. 


> Open Source Strategic Points 

Time to market 

Proprietary software suffers from a competition for scarce resources. In 
order for a vendor to create the greatest wealth for their shareholders, they 
must invest development time wisely. This means creating only a small set 
of features that apply to the broadest number of paying customers. 

Open source is not similarly limited. Open source projects attract 
people with selfish interest, namely creating a product that they would 
want to use. Open source projects are thus limited only by the number 
of contributors, which depending on the popularity of the project can 
easily be in the hundreds. 

The net effect is that features tend to be created rapidly. Many com- 
panies that have a vested interest in an open source package are also 
active contributors, using in-house or contract developers to create new 
value in the system as needed (an option alien to proprietary products). 
With the open source “release often” ideology—creating updates and 
releases frequently — new features are often available in record time. 


Integration 
No software works independently, and integrating packages is becoming 
ahigher priority for many IT shops. Open source shines at integration. 
The lack of a central profit motive allows open source projects to 
be well architected, taking few—if any—short cuts. A side effect of 
this is a heavy reliance on open standards and well-defined interfaces 
(internal and external). Thus integrating an open source software 
package is more likely to occur than with proprietary products as the 
open source software was designed with integration in mind. 
Integration is also accelerated due to the complete transparency 
of open source software. Every action and interaction is viewable 


Strategic Benefits of Using Open Source 


¢ Shorter time to market for new business capabilities 

* Better application integration based on open standards 

* Greater ability to influence or create new features in future releases 
* Safety from vendor lock-in or abandonment - 

¢ Open source methods and tools aid partner co-development 

* Reduced security, liability, regulatory and downtime risk 

¢ Usually lower acquisition costs than for proprietary software 


within an open source solution. This includes database schemas, 
transaction controls, all 1/O, and all APIs. Whereas with “black box” 
software one would have to guess at safe and sane methods for creat 
ing a lasting integration, one can look at an open source package and 
determine the best possible approach to tapping the flow of data. 
The last aspect to open source integration is that you have the abil- 
ity to modify the code since you have license to it. If you need an open 
source package to work with other software, and the features are not 
readily available, you can create them yourself by modifying the code. 
Since you are building a dependence on this code for future business 
processing, you should contribute the code back to the project so it 
becomes part of all future releases. Try that with Microsoft! 


Long term enhancements 

Many large IT shops have intimate access to their software vendors, 
and can exert some measure of influence on the direction of future 
releases. But this access is reserved for the big spenders, leaving small- 
and mid-sized businesses (and many large ones) with no real control 
over their IT software strategy. 

Open source changes this. Open source contributors are well 
known, and easily accessible through their project community sites. 
Companies willing to involve themselves in open source communities 
have significant influence over the direction new features. You simul 
taneously have access to other users of the software, and can influence 
their demand for your preferred changes. 

The most interesting aspect of open source is that you can create 
the changes you need. Many companies allow members of their staffs 
to use company time to contribute to open source products that are 
used in-house. This has two advantages: First, desirable new features 
to existing, complex software packages are created very quickly. 
Second, your staff gains an intimate understanding of the products on 
which your company depends. Combined, you achieve the matched 
goals of having more competitive advantage through software, and a 


Figure 1 As with all software, a well-selected open source tool automates 
processes and creates competitive value for your company. By its nature, propri- 
etary software has erected obstacles to creating more competitive business 
advantages for you. Those obstacles create strategic as well as tactical points 
that lean in favor of open source solutions 


Open Source Strategic Points 


Less Time To Market 

Less Risk of Abandonment 

Lower Security Risks 

More Integration Options 

Influence Long Term Enhancement Roadmap 
Community-Style Partner Co-Development 


N SEN ¢@ 2 e€ 


Open Source Tactical Points 


sy Less Time for Minor Enhancements 
”~ Bugs Fixed More Rapidly 
a” Structured Reusable Code 
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more educated staff who can both understand a software package's 
behavior as well as change that behavior. 

Some firms are opting to outsource open source changes. If an 
open source package is critical to your operation, but you cannot 
afford to spend staff hours on creating an enhancement, or if your 
staff does not have the requisite skills, you can hire contractors to cre- 
ate the new functionality for you. For some companies the 
cost/benefit analysis is amazingly simple as both are quantifiable. 


Partner development 

One aspect of open source development which is only beginning to be 
noticed is the application of open source software methodologies and 
tools to partner development. No company is an island, and working 
with partners requires sharing information. The tighter the partner- 
ship, the more automated data sharing must be. 

Some firms are applying open source products and open source 
methodology to integrate partner data. Often it is as trivial as two teams 
reviewing Service Oriented Architecture (SOA) aspects of their open 
source tools and creating data bridges. In more advanced cases, teams 
might be formed as if they were open source communities to create new 
applications or new functionality to existing open source projects. 

The net effect is that partners are able to accelerate integration proj- 
ects due to the “open” nature of either the core technology (existing open 
source software) or create new technology that is “open” to both parties. 

The logical extension of this paradigm is that communities are rising 
to create software specific to their industries, or at least to technical 
disciplines that cross industries. Any time two or more companies 
have a similar need, there is an opportunity for open source to drive a 
solution set. 


Risk reduction 
Every choice made in IT software selection comes with risk. Open 
source software reduces, and in most cases eliminates these risks. 


ABANDONMENT 

The highest risk comes from software abandonment. If you choose a 
proprietary package that the vendor later abandons, you have few (if 
any) recourses aside from a forced migration. Open source solutions 
do not suffer this because the source code is available to all, including 
non-competing users. Open source packages are rarely “abandoned” 
as the community that created the packages is composed primarily of 
users, and the package remains under perpetual maintenance. 

In very rare cases, the original creators of an open source package 
may want to turn it into a proprietary offering. Most open source 
licenses do not prohibit this, but they also allow for anyone else to 
take the original source code and evolve it separately. This “forking” 
of project assures that your reliance on an open source package is 
never at risk. For example, VA Software, the creators of SourceForge 
(an online repository for open source projects) wanted to convert 
SourceForge to a commercial project. After much debate, an 
announcement was made to the SouceForge community, and they 
forked the original design as VA Software created SourceForge 
Enterprise Edition (incidentally, VA Software and the SourceForge 
community still have a close working relationship). 

One aspect to the non-abandonment of open source projects is 
that there is no break in continuity for you. Vendor support can dis- 
appear, and leave you with buggy software and no means of fixing it. 
Open source does not suffer these maladies as any bug is addressable. 


SHOCURITY 
Few people doubt the superior security provided by open source soft- 


For more information or to have a Novell Representative contact you, please visit novel/.com/ncmconnect. 


ware. Greater focus on design, greater stability, and the peer pressure 
that enforces a “security first” mentality creates more secure products. 
This directly reduces your exposure to risk on several fronts: 

* Less chance of direct financial loss through information theft 

- Less exposure to legal liability or regulatory penalty 

+ Greater uptime through enhanced stability 


> Tactical Advantages from Open Source 

Clearly, open source provides a number of long-term strategic advan- 
tages. But your staff lives IT day-to-day, and the tactical advantages 
provided by open source contribute to their work lives as well as your 
bottom line. The cumulative effect of these tactical advantages pro- 
duce more strategic benefits. 


Less lag on minor customizations 

Often small changes in software have significant effects on end-users. 
For example, changing the order of fields on a data entry screen can 
increase the efficiency of call center workers. With open source, 
minor changes in utilities and applications can be made quickly. With 
proprietary software, you might never see a minor customization as 
the limited vendor development staffs working on commercial prod- 
ucts are focused on major enhancements and releases, and not minor, 
customer-specific improvements. 


Rapid bug fixes 
Enterprises have two advantages vis-a-vis software bugs when using 
open source, 

First, open source products do not suffer bugs for very long. Open 
source projects are typically founded on the “release frequently” phi- 
losophy. Though not as numerous as in the past, open source projects 
release new versions constantly as minor changes and bug fixes are 
incorporated. This means that any open source product you adopt will 
most likely fix bugs more rapidly than a commercial equivalent could. 

Most open source projects have robust, online bug reporting systems 
and procedures. You can report a bug online, and track the progress of 
the community’s efforts to fix the software. | experienced one episode 
where a corner-case bug was reported in the morning, analyzed by two 
community members midday, patched by the afternoon, and an auto- 
matic email notification was sent announcing the repair before 3PM. 

But sometimes fast is not enough. Our industry has millions of hor 
ror stories about a new bug in mission critical software that a vendor 
was slow to fix. The second bug-oriented benefit with open source is 
that if a defect arises that severely impacts your business, you have the 
option of digging into the source code yourself and fixing the prob 
lem. Many firms adopting open source include on their evaluation 
check list the programming languages of projects, to make sure their 
staffs have the requisite skills to debug the software. 


Reusable code 

Open source projects tend to be modular, and build upon libraries of 
lower level open source code. Because of these mirrored factors, much 
of open source is readily reusable, not only in and between open 
source projects, but also in your home-grown software. If you have a 
development team that already composes or uses source libraries for 
their in-house development, adding open source is a breeze. If you do 
not have such a staff, but want the advantage of reusable code, a great 
starting point for your staff would be to acquire and catalog some of 
the foundation open source libraries that are commonly used for cre- 
ating other open source projects. This acquaints them with baseline 
tools, and gives them insights into what can be built as they discover 
these tools in larger open source packages. 


> CxO Payoff 

Open source is more than just Linux, and the benefits of open source 

are more than just cost savings. The payoff for ClOs and CTOs are 

strategic, and will have long lasting benefits. The question is “how do 
you expand the role of open source in your organization?” As with 

Linux, the answer is straight forward. 

First, give your staff time to explore existing open source libraries and 
tools. This will acquaint them with open source communities and 
projects, and learn how these groups create and support software. 
Second, list the skill sets you want to develop in-house for the 
long term. This will help in identifying open source projects that 
you will later adopt. 

- Identify a non-critical business process in which you are receiving 
less than-desirable support from your vendor, and review the 
open source alternatives. This could be I'T utilities, end user 
applications, or even customer-facing services. 

* Implement this new open source software and participate in at least 
one bug fix, one customization, and one contribution to the project. 
This will give your staff the experience necessary to participate in 
the full deployment lifecycle of an open source project. 

Next, aim high. Find an area of business where a new solution will 
bring significant new business and competitive advantages. Find 
the open source alternative that will best drive these new 
capabilities, and plan your deployment. Measure the time and cost 
for deployment and remediation, and compare to past projects 
with proprietary software. 

Finally, participate deeply in the community around this high- 
value software. Allow your staff sufficient time to become part of 
the project and contribute to future releases, with the goal of 
influencing the feature set to your advantage. 

With open source as a centerpiece of your IT’ strategy, you will find your- 

self gaining business agility faster than your competition, and releasing 

yourself from dependency on vendors who have failed to deliver. N 


Open Source Projects Supported by Novell 


Here is a partial list of some open source projects which 
Novell founded or to which they contribute. The full list 
can be found at /ttp://developer.novell.com/opensource/. 


Bandit A system of loosely-coupled components to provide consis- 
tent identity services. Bandit is building additional services needed 
for Role Based Access Control (RBAC) and for the emission of 
records to verify compliance with higher level policies. 


Eclipse Provides vendor-neutral open development platform and 
application frameworks for building software. 


Higgins A framework that enables users and enterprises to integrate 
identity, profile, and relationship information across multiple systems. 


iFolder File sharing application for Linux, Windows, and Mac. 


Mono A platform for running and developing applications, based 
on the ECMA/ISO Standards. Mono can run existing programs tar- 
geting the .NET or Java frameworks. 


OpenOffice A multi-platform and multi-lingual office suite with 
word processing, spreadsheet, presentation, illustration, and more. 


Wine A compatibility layer for running Windows programs on 
Linux desktops. 


Xen A virtual machine monitor for x86 that supports execution of 
multiple guest operating systems. 
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Security Without Breaking the Bank 


Stonebridge Bank 


By Liz Tanner 


ith nearly US$40o0 million in assets, Stonebridge 

Bank combines community banking with advanced 

online technology. Based in West Chester, 
Pennsylvania, Stonebridge Bank serves commercial banking cus- 
tomers through locations in Pennsylvania and Maryland, while 
offering customers around the nation a complete range of retail bank- 
ing services through stonebridgebank.com. 


> Challenge 

As a community bank, Stonebridge Bank faces tough competition 
from bigger commercial banks. ‘The bank’s key to success is maintain 
ing an efficient IT infrastructure that reduces overhead costs and 
allows the bank to provide its customers with competitive rates and 
services. Stonebridge wanted to replace its costly Microsoft Windows 
systems and consolidate its data center. 

But changing its underlying infrastructure could not affect the 
bank’s security or performance. The bank receives an average of 
105,000 attack attempts per day and relies on sophisticated intrusion 
protection to safeguard its data. Downtime is also not an option for 
its Web site which requires constant availability. Stonebridge began 
searching for a data center solution that would help it retain its secu 
rity, performance and competitive advantage. 


> Solution 

To replace its existing systems, Stonebridge Bank worked with eNvision 
Data Solutions, a value-added reseller and Novell Gold Partner in 
Pennsylvania. The bank switched from Windows and Red Hat to SUSE 
Linux Enterprise Server, and uses Novell Open Enterprise Server for 
superior directory, file and print services on Linux. 

“We moved to Linux because we liked the idea of an open enter- 
prise and needed a good environment for virtualization,” said George 
Rapp, senior vice president of Information Systems. “Novell gives us 
the best technology, pricing and support options for Linux.” 

Using VMware for virtualization, Stonebridge Bank consolidated 
131 servers to 22, half of which are running Novell Open Enterprise 
Server and SUSE Linux Enterprise Server. The bank now runs all of 
its network services and several mission-critical systems on Linux 
including Apache Web servers, Applied Watch intrusion and detec 
tion software, as well as its helpdesk and disaster recovery solutions. 

“With SUSE Linux Enterprise Server and VM Ware, Stonebridge 
Bank is running more than 80 virtual servers on two physical servers 
and still has room to grow,” said Randy Bender, president of eNvision 
Data Solutions. “Taking advantage of 64 bit computing has greatly 
improved overall performance of mission-critical applications so the 
bank is now moving everything possible to Linux.” 

A Novell Linux solution has not only reduced the bank’s administra 
tion time, but has also eliminated the need to hire additional staff. One 
person now manages the bank’s Linux environment, relying on YaST in 
SUSE Linux Enterprise Server for centralized, graphical administration. 
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“It’s been extremely casy for staff familiar with Windows and NetWare to 
pick up Linux,” said Rapp. “Linux gives us a common skill set and simpli 
fies administration so we spend far less time managing our data center.” 

By consolidating servers and reducing administration time, 
Stonebridge has reduced its total cost of ownership for cach server 
from $230 to $31 per server per month. This savings allows the bank 
to purchase more storage to strengthen its disaster recovery solution. 

“We don’t need to purchase a lot of server add-ons to make our Linux 
servers reliable and fast,” said Rapp. “We can get fully loaded Linux servers 
at a fraction of the cost and space requirements of proprietary servers.” 

Banks are continually responding to new regulatory requirements, 
which often require new technology solutions. Stonebridge can now 
access open source applications to meet these requirements, while 
dramatically reducing its software costs. The bank recently imple 
mented an open source solution for helpdesk ticketing, as well as a 
system to document Web site changes. 

GroupWise for Linux now runs on a virtual server and is the bank’s 
primary internal and external vendor communication tool. GroupWise 
Messenger gives users secure instant messaging with other bank employ 
ces, critical when communicating about sensitive financial information. 

“We evaluated a move to Microsoft Exchange, but moved to 
Novell GroupWise instead for one tenth the cost,” said Rapp. 
“Group Wise security has been exceptional. We have never had down 
time duc to a virus attack.” 


> Results 
By moving from Windows to Novell Open Enterprise Server, SUSE 
Linux Enterprise Server and virtualization, Stonebridge Bank consoli 
dated its servers by 83 percent and reduced its costs per server by nearly 
go percent. The flexibility to use open source applications to respond to 
regulatory requirements also helps the bank manage its software costs. 
“Our management team is impressed not only with our cost reductions, 
but also that we have performance metrics that rival bigger banks,” said 
Rapp. “A Novell Linux solution gives us flexibility and security to contin 
ue to expand our business. We've remained a secure enterprise, despite the 
wide-spread virus attacks that have affected other organizations.” N 


Challenge 
Reduce IT overhead costs by replacing costly Microsoft Windows 
systems and consolidating the data center. 


Solution 
Novell Open Enterprise Server/SUSE Linux Enterprise Server. 


Results 

Consolidated servers by 83 percent, reducing costs per server by 
nearly 90 percent. Reduced software costs with open source solutions. 
Achieved performance metrics that rival much bigger banks. 


For more information or to have a Novell Representative contact you, please visit novell.com/ncmconnect. 


By Nathan Conger 


we have 
opened 
the box 


Mind-bending Innovation and Pent d Included 
in Today's Next-Generation Desktop OS 
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ince the dawn of the new millennium, the coming of a 
next generation Desktop OS has been foretold. The folks in Redmond 
promised their own innovative and timely release that included 
enhanced usability, integrated search, new graphical effects and an 
obligatory hardware upgrade. Wait a second; that was 2003; what hap- 
pened? That question merits another article altogether—one that 
mentions viruses, malware, trustworthy computing, software assurance 
and integration issues among other things. 

So without further adieu, let me introduce you to the next genera- 
tion desktop OS: SUSE Linux Enterprise Desktop 10, and all the great 
open source software that accompanies it. 

Released in July 2006, SUSE Linux Enterprise Desktop 10 delivers 
on the promise of enhanced usability, integrated search, stunning new 
graphical effects, a comprehensive office productivity environment and 
more—all without having to upgrade your hardware. 

How has so much innovation been achieved on the Linux platform in 
such short order? Two words: the Community. Because of the openness 
and flexibility of the Linux platform, thousands of individuals and 
organizations have contributed to Linux and to the many applications 
that leverage it up the stack. (We'll explore many of these in this article, 
so keep reading!) 

As an active member of the open source community, Novell real 
izes several benefits. It has leveraged the development efforts of 
like-minded organizations and individuals to bring these benefits to 
end users. Novell products enjoy greater interoperability with a wide 
variety of platforms and applications because of the community's 
adherence to open standards. 

Novell, in turn, demonstrates its good citizenship in the open source 
community by actively contributing to and maintaining a number of 
open source projects, including: GNOME, OpenOffice and the Linux 
kernel. (See Linux and Open Source Leadership in this article as well as 
Enjoy the Sensation! in this issue.) 

Novell also sits on the board of Open Source Development Labs and 
is a member of the following three organizations: 

Open Document Format Alliance 

Open Invention Network 

Apache Foundation 


Since the release of the 2.4 kernel (circa 2000), Linux has been on a 
steady march from the edge of the network, to a reference application 
platform, to the core of the data center. Linux has become a de facto 
standard on the server, shipping preinstalled from several hardware 
vendors and system integrators. Linux server shipments alone grew 
20.5 percent from 2004-2005, compared to 15.3 percent for Windows 
servers for the same time period. (Aitpy//kwn.net/Articles/161433/) 

Is Linux a viable platform for your desktops today? YES! To 
understand the best-use cases for Linux on the desktop, it’s helpful to 
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segment users into categories. Open Source Development Labs 
(OSDL) has identified five key user categories: 
fixed function 
transactional worker 
* technical workstation 
basic office 
+ power user desktop 


Fixed Function: Felix, a grocery store clerk, uses a single point of sale 
application to perform his job. His machine boots and starts the 
application, displaying its first screen. Felix doesn’t have access to any 
desktop widgets or menus. The only interface presented is the appli 
cation itself. He interacts with it, but has no knowledge of the 
underlying Operating System and no way to access it. 

A few examples of fixed function machines include modern cash 
registers, airline boarding pass kiosks and ATM machines. 


Transactional Worker: Tracy, a hotel clerk, runs a few business appli- 
cations on the desktop. One is a DOS-based application that manages 
guest check-in and check-out. Another is a terminal emulator that 
connects to a mainframe that manages billing. The third application 
tracks reward points and is Web-based, Tracy uses Firefox to access it 
and occasionally uses e-mail to send messages to other coworkers. 

Typically, users of these desktops include travel agents, bank 
administration personnel and front office personnel. 


Technical Workstation: Tom works for a movie animation studio and 
uses a specialized application to create animated characters and scenes. 
The animation application he uses is designed to run on both the oper 
ating system and the underlying hardware. Tom also uses a simple 
e-mail program and does some instant messaging. He occasionally 
browses the Web for technical information. 

This segment includes animation studios and engineers using 
CAD/CAM. These applications are often written in C/C++ and are 
highly dependent on the operating system user interface environment. 


Basic Office: Barry, a software analyst, uses his computer for a vari- 
ety of tasks. He spends about two hours a day using e-mail and 
calendaring. He uses Firefox to do research and update his blog. He 
creates and edits internal- and external-facing documents and designs 
presentations for his company’s sales force. 

Generally, basic office workers require only basic compatibility, 
such as simple import and export functionality with other document 
formats, such as Microsoft Office. They require basic browser sup- 
port (read Firefox) to access information such as corporate guidelines, 
parts information and loan information. They use e-mail to commu 
nicate information and to send documents via attachments. 


How much time does 

a GWaArchive user spend 
restoring “Accidentally Deleted” 
messages? 


None. 


Our clients report that GWArchive literally 
pays for itself the minute they turn it on. 
No wonder it’s the leading retention 

& compliance solution for GroupWise. 


Cc 
Sy 
Novell. au eee 


©2006 Messaging Architects. All rights reserve 


These users include loan officers and insurance agents who work in 
connected environments. 


Power User: Paul, a hospital administrator, uses a variety of applica 

tions to perform his job. He uses an internally developed time card 
program, an expense reporting application and spends a healthy 
chunk of his time using e-mail. He likes a lot of the new features that 
are available with the latest e-mail client and uses them to drive bet- 
ter productivity with his staff. Gary has used his desktop for years and 
feels very comfortable and productive. 

Power users use desktop computers to drive company processes. 
They use arbitrary Windows applications that are dependent on 
Windows application program interfaces (APIs) such as MFC, Internet 
Explorer and WIN APIs. They are highly skilled in the Windows user 
interface, and they depend on being able to interact with the Windows 
operating system and Windows-based applications to do their jobs. 

Users of power user desktops employ several applications to create 
and modify complex documents for use within and outside of their 
companies. Often people in this consumer segment don’t want to move 
away from Windows. 


> Enter SUSE Linux Enterprise Desktop 10 

Desktop Linux has moved beyond geekdom and steadily meets the 
needs of a wider audience of users. Linux has been a more than ample 
platform for the first three user categories above and now meets the 
needs of the next user category: Basic Office User. 

From the beginning, the design and engineering efforts of SUSE 
Linux Enterprise Desktop 10 have focused on the needs of the basic 
office user. To this end, a full office suite, messaging and collaboration 
applications, and a full-featured browser are included out of the box. 

To create a more usable and productive desktop environment, Novell 
has invested heavily in human factors and interface testing. To help meet 
these design goals, Novell founded the Better Desktop Project and the 
‘Tango Desktop Project. Other areas of focus include full plug-and-play 
support for iPods and mp3 players, digital cameras and pen drives. 

Novell has also spearheaded development work on XGL graphics 
acceleration and the Compiz desktop effects framework. Technology 
that moves desktop usability and coolness into a whole new 
sphere...or shall I say, cube. 


> Better Desktop (betterdesktop.org) 

The Better Desktop Project is dedicated to sharing usability data 
with Linux developers. During the past year, Novell has conducted 
many usability tests on different parts of the KDE and GNOME 
desktop environments. Developers and users can watch videos of 
these tests on the Web site. 

‘Test subjects are selected from a cross section of different user groups. 
The majority are users with moderate Windows experience with little to 
no existing Linux familiarity. Subjects are asked to complete several tasks 
including browsing to Web sites, sending e-mail, playing music files and 
creating documents. Their movements, reactions (verbal and nonverbal) 
and the time to complete the given tasks are recorded and analyzed. The 
data is then used to validate the effectiveness of different interfaces and 
directly influences the graphical interface design. 


> Tango (tango-project.org) 

The Tango Desktop Project was founded to create a consistent 
graphical user interface experience for free and open source soft- 
ware. The Tango Desktop Project defines an icon style guide to 
which artists and designers can adhere. In addition, the project pro 
vides transitional utilities to assist in creating icon themes for 
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existing desktop environments, such as GNOME and KDE. What 
does this mean to your end users? They get a cohesive, consistent 
desktop experience with icons and tools in their anticipated places. 

Because Novell is the ##1 contributor to both the GNOME 
(guome.org) and KDE (&de.org) desktop projects, it channels what is 
learned through its testing back into cach desktop environment and 
quickly validates the effectiveness of any changes. You'll see this 
attention to detail in the SUSE Linux Enterprise Desktop to. 
(GNOME and KDE are graphically rich open source desktop envi 
ronments for Linux and UNIX operating systems.) 


> Office Productivity: SUSE Be Thy Name 

A desktop OS is only as usable and productive as the applications it sup- 
ports. To that end, SUSE Linux Enterprise Desktop 10 is a solid 
platform for a host of office productivity applications, let's explore a few: 


> OpenOffice.org (openoffice. org) 

With the release of version 2.0 last Fall, OpenOffice.org reaffirmed it’s 
position as the premier open source office suite in the market. 
OpenOffice.org includes word processing, spreadsheet, presentation, 
drawing and database components and is compatible with all major 
office suites, including Microsoft Office and Corel WordPerfect Office. 
The office suite is also multiplatform, running on several operating sys 
tems, including: Linux, Windows, Solaris and OS X. 

What's cool in Version 2.0? Bean counters will rejoice now that Visual 
Basic Macros and Pivot tables are fully supported. (Now all those nifty 
Excel spreadsheet functions just work.) Open standards advocates will 
smile now that all native OpenOffice documents are based on Open 
Document Format. And end users will appreciate the native look and 
feel and user interface enhancements. For a more exhaustive list of what's 
new and what's cool, see UP:-GRADED article in this issue. 

For organizations that use Windows desktops and want to leverage 
OpenOffice.org, Novell provides a fully supported Windows version 
of OpenOffice. This is also a great transitional step to migrating to 
SUSE Linux Enterprise Desktop 10. (To read about how Novell tran- 
sitioned its own employees from MS Office to OpenOffice.org, and 
gained a seven-figure savings in the process, check out the Building 


Linux and Open Source Leadership 

Novell has the greatest number of dedicated engineers working on 
Linux-related and open source projects than any other organization. 
Here’s a partial list of projects Novell is a key contributor for: | 


Apache MySQL rsync 

AppArmor’ Open Invention SAMBA 
BetterDesktop! | Network’ = Tomcat 

Eclipse OpenLDAP X.org’ : 
Evolution! OpenOffice.org’ XGL’ 7 
GCCr OpenSSL YaST! : 
GNOME! openSUSE’ _ [1] Novell is the #1 
HULA! Openswan contributor or maintain- 
Novell iFolder' Open WEBEM' . lg open source 
KDE! PHP [2] Novell is the #2 
Linux Kernel’ Perl oo a als 
Mono! PostgreSQL [3] Novell is a leading 
Firefox? Reiser contributor to this open 


source project. 


Blocks series of articles in Novell Connection magazine online at 
novell com/connectionmagazine/2004/09/tech_talk_5.htmil. 

As the number two contributor to the OpenOffice.org project, 
Novell addresses defects found by customers and the community and 
drives these enhancements back into the project. Novell also includes 
additional fonts in both the Linux and Windows versions of 
OpenOffice.org, achieving greater document fidelity and compatibility 
with other office suites. If you evaluated OpenOffice a few years ago, 
take another look. It’s arrived and here to contend! 


> Novell Evolution 2.6 (novell.com/products/evolution) 
\rguably more important than an office suite, collaboration through 
e mail and calendaring are must-haves in today’s workplace. Enter 
Novell Evolution 2.6. Evolution sports a comfortable look and feel 
and consistent user interface. Calendaring, e mail, contacts and tasks 
are all in the locations you would expect. (SEE FIGURE 1.) 

Evolution tightly integrates with several e-mail and calendaring 
back ends, including Novell GroupWise, MS Exchange and any POP 
or IMAP-enabled system. (For a list of supported platforms, sce 
novell com/products/evolution.) The e-mail client can deftly manage 
multiple e-mail accounts and apply uniform rules and filtering to all 
received e-mail. 

What’s cool? Full iCalendar support. iCal is an open standard 
that allows independent e-mail systems to share calendaring infor 
mation. This is great for cross-organizational meetings and 
recurring events. Evolution also natively integrates with the 
GNOME desktop calendar. When the desktop calendar is clicked, 
the day’s appointments and tasks also show up for the selected day. 
Appointment and meeting alarms also appear as an integrated part 
of the desktop. 

For users that are comfortable with the GroupWise user interface, 
a full cross-platform GroupWise client is also available that supports 
Linux and OS X desktops. And you can also get a native Lotus Notes 
client for your Linux desktop. 


> GAIM (gaim.sourceforge.net/gaim) 
Instant Messaging, love it or hate it, is fast becoming a necessity in 
cubeville. What OpenOffice is to office suites, Gaim is to instant mes 
saging, plugging natively into several instant messaging services. 
GAIM supports all major messaging protocols today including 
Group Wise Instant Messenger, MSN Messenger, AIM, Yahoo!, ICQ, 
IRC, Jabber, Gadu-Gadu, SILC, Lotus Sametime and Zephyr net- 
works. (SEE FIGURE 2.) 

What's Cool? A host of plug ins include real time spell checking, 
smiley shortcuts and file transfer support (depending on the system). 

GroupWise users can use the native Group Wise Instant Messenger 
Client. And the progressive, peer to-peer types can download a full 
Skype client. 


> Firefox 1.5 (mozilla.com/firefox) 
Mozilla Firefox is fast becoming the rising star of the open source 
movement. With 10 percent of the market (both Linux and Windows 
desktops), Firefox is driving innovation with features like tabbed 
browsing, RSS news feeds and integrated search capabilities. Novell is 
the #2 contributor to the Mozilla Firefox project. 

What's cool? Firefox extensions: small add-ons that offer additional 
functionality. My favorites are gmail notifier and flash block. For a full 
list of available extensions, visit addons. mozilla.org firefox/extensions/. 


> Novell iFolder 3 (novell.com/products/ifolder) 
An integrated secure storage solution for desktops and laptops, 
Novell iFolder allows you to back up, access and manage your files 
from anywhere at any time. Once installed, when you save files local 
ly (no change in routine here), iFolder automatically backs them up 
and delivers them to other machines you have designated that have 
iFolder installed. Novell open sourced iFolder in 2004 and leverages 
the community to continue to drive new features and functionality 
into the product. (SEE FIGURE 3.) 

What's cool? Full integration with Linux, Windows and OS X. 
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Simply right-click on a folder and choose to make it an iFolder. Access 
your files through a browser when iFolder is not installed on the 
machine. Integrated sharing allows you to give others on your team 
read, read/write or full control privileges to your iFolders. 


> Tomboy (tomboy.org) 
Think of Post-its without the clutter. Tomboy is an easy to use desk- 
top note-taking application that lets you rapidly capture ideas, 
information and notes as they come up throughout your day. Tomboy 
also helps to tie all this information together in a readily searchable 
and organized way. 

What's Cool? In-line spell checking. You can also easily print and 
export notes to HTML. 


> Beagle (beaglewiki.org) 

This is a very cool integrated desktop search for which Novell is the 
#1 contributor and maintainer. We've understood searching for a long 
time as it applies to the Internet, but it’s now being leveraged to its full 
potential on the desktop. Enter Beagle; never lose another document, 
Web page, chat or e-mail again. ($1) §)GL Rt) 4.) 

Beagle combs your personal information space to find whatever 
you're looking for. More than just filenames and extensions, beagle 
can search file contents of any type, such as documents, PDFs, Web 
histories, source code, images, applications, RSS feeds, IM chats and 
music and video files. 

What’s cool? Beagle is integrated into the SUSE Linux 
Enterprise Desktop 10 experience. You can search from the main 
menu or from any open Nautilus file browser. The results are light- 
ning fast, include full file previews and display the context of the 
match. You can search for the name of a coworker and immediately, 
all e-mails, chats, blogs, documents and other files containing that 
name are displayed. You can also save frequent searches and they are 
updated on the fly when you reopen them or another file that 
matches the query is saved. 


> Network Manager 

New to SUSE Linux Enterprise Desktop 10 is the Network Manager 
applet. Gone are the days of command-line enabling your wireless or 
wired Ethernet cards. Network Manager detects the fastest connec- 
tion available and chooses it for you. If you're at your desk and your 
laptop is wired to the wall socket, your wired connection is used. If 
you disconnect and roam to a meeting on another floor, it automati- 
cally chooses a wireless connection based on the availability of 
wireless networks. 

What's cool? Integrated VPN support. From the same Network 
Manager applet, you can configure your VPN connections (multi- 
ple if needed). Out of the box, it supports Nortel, Cisco and 
OpenSwan VPNs. 


> Seamless Network Integration 
SUSE Linux Enterprise Desktop 10 not only coexists, but also tight- 
ly integrates with your existing network infrastructure. The desktop 
can authenticate to Active Directory, eDirectory, LDAP or NIS cre- 
dential stores. A full Samba client—integrated into the GNOME 
Desktop —allows mapping to Windows shares. You can also use the 
Novell Client for Linux to allow users to authenticate to 
eDirectory(NDS), run login scripts and map drives. 

To print, SUSE Linux Enterprise Desktop 10 supports CUPS 
(Common Unix Printing Standard), Windows printing through 
Samba and IP-based printing. You can also use Linux iPrint client. 


> Full Laptop Support 

Yes, it’s here, full support for the advanced power management fea- 
tures in modern laptops. Hibernate and suspend are fully supported 
and you can initiate them from the Power Manager applet found in 
the system tray. Bluetooth is also supported and completely config- 
urable through YaST. Bluetooth is great for transmitting files back 
and forth from Bluetooth-enabled devices. It’s also great for wireless 
headsets, mice and keyboards. 
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> Application Compatibility 

Today, SUSE Linux Enterprise Desktop 10 meets the needs of the 
vast majority of desktop use cases. Users that run applications requir- 
ing Windows components can effectively get around that hiccup by 
using a variety of solutions, such as emulation, virtualization and 
application publishing to decouple the applications from the underly 

ing operating system. 

Often, equivalents such as OpenOffice already exist in the open 
source community that offer full compatibility with proprietary 
applications and formats. If a Linux application with the required 
functionality is not available, you should evaluate emulation as a pos 
sible solution. Wine and CrossOver Office are two solutions that 
actually leverage each other and allow Windows apps to run on Linux 
by translating Windows APIs to equivalent Linux APIs. CrossOver 
Office certifies several applications to run in its environment. For 
example, Microsoft Office, Internet Explorer and Adobe Photoshop 
are all certified to run on Linux through CrossOver Office. 

Cedega is another emulation solution targeted specifically to 
Windows Games such as WarCraft, Splinter Cell and others. Like 
CrossOver Office, Cedega continually certifies Windows Games to 
run on Linux. 

When emulation is not suitable for the target application or envi- 
ronment, application publishing using Ericom or Citrix is probably 
the right option. Leveraging Windows Terminal Services, Ericom and 
Citrix allow an organization or team to host applications on a central 
server and deliver them as needed to desktops and laptops using a 
Citrix or Ericom client. (Si /1GU Ri 5.) The experience seems like a 
regular app to the user but allows you to centrally manage iton a 
remote server. This lowers administration cost and headaches and lets 
you more tightly control the environment in which the application 
operates. Great candidate apps for application publishing are those 
that heavily leverage databases and have a lot of traffic flowing over 
the Internet. Using application publishing, you can strike the right 
balance between user experience and application performance. 


Figure 5 Windows applications on Linux desktop 
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Individual users can take advantage of Remote Desktop Services 
either through Windows Terminal Services or individual Windows 
XP. Professional Workstations using rdesktop on Linux. Rdesktop 
allows users to connect to Windows Desktops and Servers and have a 
full Windows desktop experience from a Linux desktop. 

In some cases, full OS virtualization might be the best solution for 
a target app. Virtualization, using a product such as VMWare, allows 
you to run multiple guest operating systems on top of a single host 
OS. (sib PiGuRE 6.) The classic scenario is running Windows XP 
virtualized on top of Linux. This gives you access to the full operating 
system and all of its features along with the target application. Other 
open source solutions, such as XEN and Qemu, provide similar func 
tionality to VMWare. (Check out vware.com to download the free 
vmware server and/or player.) 

To choose the best scenario for your environment, ask yourself 
these questions: Can the application become a Web service? Is the 
application certified for Wine or CrossOver Office? Can the applica 
tion be run on an existing Windows desktop and use rdp to connect? 
Can you use VMPlayer, VMServer or VMWorkstation to host 
Windows on top of Linux. Can you use application publishing with 
Citrix or Ericom? 

I'm hearing the groundswell now: “Alright, Alright, | get it. SUSE 
Linux Enterprise Desktop to is a platform that meets my office pro 
ductivity and collaboration requirements. What about this enhanced 
usability you're touting? What about my iPod and my camera? What 
about burning CDs and DVDs? What about watching the latest 
movie trailers?” SUSE Linux Enterprise Desktop 1o can deftly per- 
form all of these functions as well. Bottom line — you won't have to 
maintain a second PC with that other operating system. 


> XGL and Compiz 
Yes folks, it’s all about the cube. The XGL graphics subsystem and the 
Compiz composite manager are the biggest things to hit the Linux 


Desktop—ever. XGL and Compiz bring stunning visual effeets and 
Figure 6.) iE ich as VMWare and Xen allow multiple 
guest’ operating systems to run oar lost Linux 
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enhanced usability to Linux on the desktop. This includes windows 
translucency, drop shadows, a true 3D desktop environment and appli 
cation animations. You have to see it to truly appreciate what it can do. 

Several current and legacy graphics cards support XGL and 
Compiz. (For a list of supported cards visit opensuse.org/x@l.) The low 
end supported graphics card is an ATI, Nvidia or Intel card with 
32MB of on-board RAM, which is well below (400 percent) Vista’s 
published specs of 128 MB minimum for full graphical effects. 

“That's cool that I can spin my desktop, but what do XGL and 
Compiz really do for usability and productivity?” From my own expe 
rience with the XGL/Compiz environment, I’ve noticed a few things 
I'd have trouble living without on other desktops: 


3D Desktop Cube: The virtual desktop concept has long been 
around and is not new to Linux. What is new, is the presentation of 
these desktops ina visual cube. (Sh) PiU RE 7.) Now I have more 
desktop real estate (without requiring another monitor) and can 
drag applications from one face of the cube to another. This helps 
me logically separate the tasks I’m working on and allows me to 
quickly transition between them. Using Cal-Alt left or right arrow, 
I can spin the cube with a few keystrokes; adding Shift moves the 
focused application to the new face. If | want to see all my 
desktops, aka all faces of the cube, at once, | can use Carl:Alt Down 
Arrow to see an unfolded, movie-reel-type view of all my desktops. 


Alt+ Tab: Pressing Alt Tab allows you to quickly move between 
open applications. That’s not new either; but what is new are live 
thumbnails of my open applications on a pallet in front of my 
existing desktop. In other words, if a movie is playing in a window, 
it continues playing in the thumbnail too. As I toggle through the 
applications, the program that has focus is opaque and the others 
surrounding it are semi-transparent allowing me to see position 
and content of the focused window. 


* Seale: Scale allows me to choose a “hot” corner of the screen that 
takes all of my open, cluttered apps and tiles them neatly on the 
current desktop. I’ve also assigned a hotkey to do this: Pause. (51 | 
FIGURE 8.) 


Window Translucency: Being able to make the window in 
the foreground transparent so | could see the content on 
the windows behind was just plain cool to begin with; but | 
found when authoring a document, | used to move windows 
back and forth to see the content | needed. Now I just make 
the foreground window semi-transparent so | can sce the 
content | need on the window behind. This comes in quite 
handy when adding something extra to an e-mail or 
OpenOffice document. 


To enable and change your XGL/Compiz settings, go to Desktop 
Effects under Control Center (from the Computer menu in the 
lower left of the task bar). For the gecks in the house, you have access 
to extended compiz functionality using gconf-editor. For example, 
one thing you can do is put a background image behind the cube. 
(For a complete list of effects and keyboard shortcuts, visit 
opensuse.org/compiz.) 

Novell's own David Reveman started the XGL project which is 
now being leveraged by a host of Linux distributions, including 
SUSE, Ubuntu and Gentoo. Novell continues to be the number one 
contributor to the project. 


> iPods, Cameras and Pen Drives 

In the past, using peripheral devices with Linux was definitely not 
for the faint of heart. SUSE Linux Enterprise Desktop 10 changes 
all that. Your devices truly become plug-and-play with a host of fea 

ture-rich applications, such as Banshee and F-spot, to get the most 
out of them. 


top Cube gives users more desktop real estate 
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For more information or to have a Novell Representative contact you, please visit novell.com/ncmconnect. 


> Helix Banshee 

Banshee is a full-featured audio player and library application. With 
Banshee, you can import CDs, syne your music playlists to your iPod 
(or mp3 player), create both audio and MP3 CDs and more. (5! | 
FIGURE 9.) 

What's cool? | plug in my iPod and it’s recognized immediately. | 
drag the tracks from my library and hit synchronize. Simple as that. 
Banshee also supports a number of plug-ins that expand functionali 
ty, from integration with Audioscrobbler/Last.fm to a meta data 
searcher that automatically updates your songs with the correct track 
information and album art. 


> F-spot 

Photo Management on a Linux desktop? Yes, it’s F-spot. F-spot is a 
feature-rich, photo management application that leverages the good 
ness of mono to deliver a very usable and refined experience. Plug in 
your camera, F-spot lights up and asks if you'd like to import your pic- 
tures. Again, it’s that easy. (SEE FIGURE 10.) 

What’s cool? You can quickly tag pictures, create slide shows, burn 
pictures to CDs and export to Flickr and other photo sharing and 
publishing Web sites. 

Again, Novell steps up to the open source plate as the #1 contrib- 
utor and maintainer of the F-spot project. 


> Real Helix Player 
Real Media does open source? Yes, back in 2002, Real started the 
Helix project. An effort that included a full-featured media player 
and server. Helix is now at the core of the Linux, Mac and 
Windows Real Media Players and provides full support for a num- 
ber of audio and video codecs including Real, MPEG 1, 2 and 4, 
MP3 and Ogg. 

What's Cool? It has full streaming support and integration with 
Firefox. Visit real.com to check out all the latest movie trailers. 


> GNOME CD/DVD Creator and K3b 

You want full CD and DVD burning capabilities out of the box? You've got 
it! SUSE Linux Enterprise Desktop 10 ships with the integrated GNOME 
CD/DVD Creator and k3b (a CD- and DVD-burning app based on 
KDE). Both applications provide a full suite of features including creating 
and burning CD and DVD images, audio CDs and data DVDs. 

What's Cool? GNOME CD/DVD Creator is integrated into 
GNOME Nautilus, GNOME'’s default visual file browser. When you 
insert a blank CD, a dialog appears asking if you want to make an 
Audio CD or a Data CD. If you select Audio, it launches Banshee so 
you can create CDs based on your playlists. If you select Data, it 
launches your file browser so you can drag and drop your various files 
and folders onto the CD layout. Once the dise layout is set, just click 
Write to Disc and it burns the data to the CD. 


> Conclusion 

The Open Source Community has delivered yet again and Novell 
stands ready to deliver the best desktop experience for office users 
and geeks alike. With the full office suite functionality of 
OpenOffice.org, users can easily collaborate with peers within and 
outside the company. With full iPod support in Banshee, you audio- 
philes won't have to maintain a second PC to enjoy your music. And 
for the inner nerd in all of us, we can use the enhanced capabilities of 
a 3D desktop to drive greater productivity in our work day. 

With a list price of US$50, SUSE Linux Enterprise Desktop 10 
makes all this innovation easily accessible. You can download a 60-day 
evaluation from novell com/products/desktop/eval html. Compare that 
against the cost of the competing operating system and Office suite. 
Is there really a comparison? 

Yes! The Next Generation Desktop OS has arrived and it’s packed 
with open source innovation and enhanced usability; it’s ready to be 
unleashed on your desktop (and laptop). SUSE Linux Enterprise 
Desktop 10 is ready for you. The question is, are you ready for it? N 


Figure 9 The Helix Banshee audio p. 
transfers music to iPods and MP3 
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uring the past few years, Novell has been challenging 

the proprietary world to see if open source software can really be viable 
in the enterprise arena. Can open source be used on various platforms, 
keep my data secure, and will it really save company dollars? As the open 
source movement gains momentum and legitimacy, in concert with 
ever-increasing economic pressures, Novell has transformed its IT’ strat 
egy into searching for open source options to solve its internal needs. 

This change has come at the same time that Novell has itself become 
a company that markets both open and proprietary software, terming 
itself a “mixed-source” vendor. Obviously, Novell uses its own open 
source products internally, but it is using more and more externally 
developed open source products as well. From an IT perspective, take a 
look into some of the open source offerings we've deployed and our 
strategy to see if it might work in your business. We think you'll be 
pleasantly surprised; and so will your bottom line. 


> Introduction of Open Source Code at Novell 

One of the first uses of open source was in the data center where the 
IS&T Web Team experimented using the Apache and Tomcat Web 
and application servers. The Apache/Tomeat move proved to be high- 
ly successful. The extensive Web applications used by Novell, both for 
external customers (xovell.com) and internal employees were moved to 
these open source offerings. Since then, we've successfully deployed 
many other open source offerings. In this article, we'll give you some 
helpful hints and things we have tried that you should consider when 
looking for open source code to solve your business needs. 

At about the same time as the Apache/Tomceat transition, the 
Developer Services group needed a collaboration tool to interact with 
external developers who develop to Novell platforms. The Developer 
Services group chose an open source product called Xoops to build 
the Novell Forge site (forge.novell.com). Xoops is a content manage 
ment system that is extensible, object oriented and written in PHP 
with a MySQL database. 

Since then, Developer Services has transitioned to a product 
called MediaWiki (fronted by Novell iChain) for additional func 
tionality. The Developer Services site hosts open source projects 
that are more or less related to Novell and its products. The Forge 
site allows for project administrators to implement CVS or 
Subversion (both are open source tools) for the users’ source code 
control based on their preference. 

Bugzilla was selected as an add-on option for tracking bugs. The 
Developer Services group has modified the checksetup.pl script 
that comes with Bugzilla so users can deploy their own copy of 
Bugzilla per project if they want to track bugs. Bugzilla is an open 
source bug tracking system written in Perl and uses MySQL for the 
database back end. 
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Internal engineers were clamoring for an easy way to terease productiv 
ity by sharing reusable code among groups in the same format used in the 
open source communities. The Xoops open source package was chosen 
to create an internal project collaboration application for Novell prod 
uct development. The result? InnerForge was deployed in 2003. 

We've integrated Xoops with other open source tools: Mailman 
(used for mailing lists) and Subversion or CVS, both of which are 
used for source code control. Xoops manages the access as well as 
project information and is implemented in a way that the user can 
create their own projects, manage their own project data and control 
user access. With this self-managed implementation, it alleviates on 
going support. 

Currently, there are 569 InnerForge projects with 1,610 users and 
all with negligible manual administration. Use of these open source 
products proved to be highly successful. Fear of dependence on open 
source was reduced as users began to see the benefits in leveraging 
available code to solve business needs. 


> Novell Transitioned to a Mixed Source Company 

As the acceptance of open source was beginning to take hold, Novell 
was becoming a provider of open source software itself. Novell 
acquired both Ximian and SUSE Linux in late 2003 and overnight 
became a distributor of Linux, both on the server and the desktop. 

As Novell developers and IT personnel became more familiar 
with the open source culture, they recognized more opportunities 
to use open source. Developers, both in the product development 
groups and in IT, became familiar with the differences between 
open source and proprietary strategies and actively sought out open 
source solutions. 

Even before the SUSE Linux acquisition, Novell had put in place a 
plan to begin migrating servers in the data center to Linux. The 
migration has been moderately paced, mostly planned as servers go 
out of warranty and are replaced. Statistics show a steady migration 
during the past four years. As more and more application vendors cer 
tify their applications on SUSE Linux, the migration will accelerate. 

With these migrations, the data center has seen a decrease in 
deployment costs for operating systems and an increase stability of 
server up time. There are several reasons for this. First, Linux is much 
less expensive to license than HP-UX, Solaris or Windows. Second, 
Linux rarely requires a reboot. 

Novell’s migration to the Linux desktop and switching to 
OpenOffice has been documented in other Novell Connection maga 
zine articles: 
| juLy 2004: novell com/connectionmagaxine/2004/07/tech _talk_1.html 
2 sept 2004: novell.com/connectionmagazine/2004/09/tech_talk_5.html 
3 Nov 2004: novell.com/connectionmagazine/2004/11/tech_talk_1.html 


When the employee base moved to the OpenOffice office suite and 
their desktop operating systems to Linux, we were able to cancel our 
support contract with Microsoft which saved us US$900,000 annually. 
With the recent release of SUSE Linux Enterprise Desktop 10 in July 
2006, Novell employees are even more delighted about Linux desktop 
computing with the new functionality and the ease of use. 


> Learn About Open Source Licensing 

Generally speaking, open source software is made available under a 
license agreement. In contrast to proprietary software, obviously, the 
source code for open source software is made available under gener 
ous and royalty-free license terms. Users should understand and 
respect those license terms. Information on the most frequently used 
licenses may be found at opensource.org. 


> Models of Open Source Use/Participation 

Of course there are several ways to utilize open source software, as 
defined below. Novell has operated on all four of these levels. 

(For more information on these levels, see 7e Open Source Game: 
At What Level Should I Play?) 

| User only 

2 Contributor 

3, Decision maker 


4+ Owner 


> How To Select 
It’s obviously good practice to do careful analysis before the vendor 
selection in the proprietary world, but also in the open source world. 
During this analysis, Novell looks at three categories: 

Proprietary tools 

Custom in house development 

Open source tools 


Some of the selection criteria considered when making the decisions are: 
| Platform availability 
Performance and Support 
Features available and gap analysis of how closely they match 
the requirements 
Cost of the tool out of the box 
How much customization is needed to meet the requirements 
6 Time to implement 
7 Quality 
8 Risks involved 
9 Vendor viability 
10. Total cost including developer costs, licenses, hardware, mainte 
nance, outsource services, soft savings for users of the tool in 
time savings, and any additional on-going operational costs 


~~ 


3 
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Additionally for open source, we look at: 

* Size of the community 

- Activity of the community 
Reputation 
Other corporate users, their implementations and how closely 
that matches our implementation plan 

+ Support and documentation availability 


Usually for a proprietary tool, you have the benefit of analysts view- 
points, but for open source in general, you have to research and 
provide your own analysis. In the long run, it pays to do your home 
work up front before making the decision. 

A good rule of thumb for finding open source options is looking at 
some of the established open source community sites such as 
sourceforge.net, freshmeat.net (Keep in mind for this site, it is more untried 
and untested code where you can find the latest bleeding edge open 
source code.), fégris.org and any other big, open source repository. 
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> Examples of Mixed Source Success 

One of the obvious places for Novell to use open source was in our 
data center. Novell has a unique set of IT infrastructure products that 
have made our integrations of open source software work smoothly. 
For example, Novell is migrating source code version control systems 
to an open source tool called Subversion. Our deployment of 
Subversion uses Apache mod_auth_Idap and Novell eDirectory and 
LDAP for authentication and authorization. We also use InnerForge 
(Xoops) for managing access control. The integrations are relatively 
easy to implement because of the open standards approach used by 
Novell products and by most open source offerings. 

In our Subversion implementation, we use InnerForge (based on 
Xoops) to manage the Subversion project creations and user access to 
the code. This implementation relies on Novell eDirectory and 
LDAP for the user account information. This has been very success 
ful and does not require involvement or on-going support from our 
developer team. Users around the globe can provision new projects 
and user access without delay. 

Subversion is a great tool and has significantly less hardware and 
end-user support requirements than proprietary counterparts while 
still providing the same quality of source code control. We deployed 
Subversion on 15 July 2005 and to date we have 269 repositories 
active. The repositories are currently at 35 GB and the server has 
been running nonstop, except for a kernel upgrade on 04/08/06. 
Total accesses have been almost 10 million (9,875,246) with total 
traffic at more than 20 GB. We usually average 1.2 requests/sec at 
2,732 Bytes/second or 2,271 Bytes/request. The servers are located 
in the data center in Provo, Utah, and are accessed from our offices 
around the world. 


Another infrastructure open source tool used at Novell is the JBoss 
messaging system for service-oriented architecture. 

A popular open source database is MySQL. We are currently 
running MySQL on 21 servers with more than 75 Web applications 
using it as the back-end database. We have instances of 4.0, 4.1 and 
5.0 in production currently. We have used MySQL since 2001 and 
our top six applications currently have over 21.4 million records. 
With the later versions, there are significant improvements well 
suited for large enterprise applications. If you look at the per 
processor cost model of some of the competing proprietary data- 
bases, you can easily see the incredible savings to your bottom line. 


> Effect of Open Source on Your IT Organization 

Using open source software requires traditional developers to learn 
new skills. Open source projects utilize a multiplicity of development 
languages and scripts that might or might not be the same as existing 
applications. It’s not unusual to find open source projects with cutting 
edge, unproved technologies. Developers frequently find themselves 
needing to learn a new programming skill. Often it’s not the develop- 
er’s language of choice, so the developer must be flexible, 
open-minded and willing to learn new skills. 

In addition to new programming skills, developers must learn how 
to use open source infrastructure and databases. Sometimes the open 
source offerings may not be as mature in their feature sets as the pro- 
prietary software they supplant. Developers may feel like they are 
stepping backwards, as they begin to use the open source products; 
however, large, active communities make up ground very quickly and 
often surpass the proprietary competition. 


The Open Source Game: At What Level Should | Play? 


User Only A company can 
download the open source code 
“as-is” for use with little or no 
involvement in the project com- 
munity. This is a great option for 
developer tools or many person- 
ally used tools. Likewise, a 
company can download open 
source software for deployment 
“as is” or can customize it for its 
own use. 

Although often not “show- 
stoppers,” there are certain 
drawbacks to consider when 
customizing open source soft- 
ware and deploying it within your 
company. Customizations you've 
made to the software can make it 
a bit harder, though not impossi- 
ble, to upgrade to new releases; 
and the company might find itself 
relatively alone, responsible for 
support and new development. 


The initial advantage is that the 
first “purchase” is free. If you 
can't use the software without 
customizations, then possibly 
there are few ongoing advan- 
tages over in-house 
development except the initial 
project acceleration. 


Contributor A company can 
download, customize and con- 
tribute back to the community. 
The company developers 
responsible for the application 
actively participate in the com- 
munity and lobby for the 
customizations that are needed. 
The company minimizes its own 
customizations with the intent 
that they will always be able to 
accept a new release of the soft- 
ware without breaking what they 
already have. The company con- 


tinues to benefit from the com- 
munity’s work throughout the life 
of the community. This option 
incurs an ongoing expense; how- 
ever, the ROI tends to be worth 
the investment. 


Decision-maker The company 
can play an even bigger role in 
the community by making signifi- 
cant contributions and becoming 
part of the controlling body of the 
community. This means that the 
company-needed enhancements 
and customizations are more 
likely to be considered for incor- 
poration into the software. This 
requires a resource commitment 
from the company, and a proven 
track record in the community so 
the developers are trusted to 
become administrators or 
reviewers for the project. 


Owner The company can 
leverage the open source 
momentum by starting an 
open source project, when 
none already exists, for some- 
thing the company needs. 
This requires significant initial 
resource commitment. The 
project must have “appeal,” 
and must be nurtured to a 
point of initial usefulness to 
get external adoption and 
support. Another key element 
is to get the project visibility 
within the community such as 
mozilla.org or similar sites. 
The company must continue 
to invest enough to make 
progress and to continue to 
attract contributors until the 
project is stable enough 

with a big enough community 
to help maintain it. 
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Developers must also become accustomed to participating in a cul- 
ture in which there is constant scrutiny of their design and coding 
practices. In the open source world, fame and “stardom” are possible 
for “hackers” who impress the community with their ingenuity, inno- 
vation and rock-solid quality. At the same time, there is also a 
possibility of public loss of respect for those whose coding practices 
are not always the best. There is public pressure to code in quality as 
well as to thoroughly understand user needs. Many developers learn 
to thrive in this dynamic atmosphere. 

Open source software also demands a different development 
methodology than the traditional waterfall model. Open source proj 
ects, in general, have much shorter periods of time between releases. 
They usually follow an iterative methodology. Open source projects 
usually depend on the user community to do much of the testing, 
rather than a dedicated Q/A testing team. This requires a change in 
the user and producer relationship. The user must understand that he 
is part of the test team, and that there are bugs in the candidate 
release. The user must be more tolerant of imperfections and view it 
at his duty to “wring out” the release candidate, rather than expect 
someone else to find all the bugs. 

On large global tools like Bugzilla, Testopia or OpenOffice, we 
have deployed the new open source tool while leaving the existing 
tool(s) in place during the migration process. This allowed users to 
become familiar with the new tools and realign their processes to fit 
the new implementation. 


> In Summary 
There are many advantages to choosing an open source option. In 
short, here are some of the pros and cons we have found that you 
should consider: 


Pros: 

1 leverage more resources 

(not limited to resources within your company) 

low cost 

responsive, agile 

simplicity 

ability to customize code to meet your specific requirements 

without consulting fees 

6 no upgrade or yearly maintenance costs 

7 intangibles such as sense of contributing to the betterment 
of society 


akwohND 


Cons: 

1 possible lack of support 

2 general lack of documentation 

3 less ability to judge viability of community v. company 
4 not on analyst's radar for independent evaluations 

5 generally not as mature yet 

6 language and infrastructure consistency 


Here are a few questions to ask yourself when considering an open 

source alternative: 

1 How far out on the open source limb am | willing to go? 

2 Is open source more vulnerable when it comes to potential 
security issues? 

3 Will the community thrive or disappear? Will | be left as the 

only user? 

Is there possible developer “contamination?” 

5 Should | look at “packagers” of open source, such as Novell, (lower 
cost than proprietary) for greater confidence in their longevity? 


bp 
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For Novell, use of open source software has provided inexpensive 
software that fits Novell's needs very well. We use open source offer- 
ings on various platforms with great success and contribute at all 
levels in the open source community. With the implementation of 
Novell iChain and eDirectory products, we have been also able to 
provide the high security user-based access Novell requires for 
diverse users. 

Many of these tools allowe us to get out from under huge annual 
support and maintenance contracts and better plan staffing based on 
the tool usage. In most caseswe reduced the cost of maintenance, 
support and customization. 

Also, in general, hardware choices prove to be much less expensive 
than what is required for many proprietary solutions. Thus Novell has 
benefited not only in terms of significant reduced costs, but also in 
terms of flexibility and agility in meeting internal needs. Novell would 
answer a resounding “YES! You can use open source software on various 
platforms, save a significant amount of company dollars and keep your data 
safe and secure.” We have been doing all of these for several years now 
and have demonstrated that you can use open source to run an enter 
prise business with great success. 

Future articles in this series will use case studies to show, in detail, 
how we planned and implemented some of our world-wide deploy- 
ments, what is needed for successful implementations and, viable 
open source tools for developers. Until then, check out So What Does 
Novell Use? to see many of the successful open source offerings Novell 
is using internally and where you can find more information about 
them. Just as before, you might not only be pleasantly surprised at the 
list, but you'll probably also be amazed. N 
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know what you're thinking. Bell bottoms were definitely 
cool the first time around, but their re-release at the beginning of the 
century was a fashion bust. You may even have a similar experience 
with that favorite band of yours. Their first album was beyond com 
pare —and then along came album number two. They changed their 
sound, got a new bass player and the whole experience put you off. So 
sure, OpenOffice.org 1.0 was a good office suite, but based on your 
experience, 2.0 is going to resonate about as well as shoulder pads 
after 1987. Well, you'll be surprised. 

OpenOffice.org is the most popular open source office suite avail 
able. According to Wikipedia, “OpenOffice.org has secured 14 
percent of the large enterprise market as of 2004. The 
OpenOffice.org Web site reports more than 61 million downloads.” 

Equipped with all the usual components of an office suite, 
OpenOffice.org provides open source alternatives for word process- 
ing, spreadsheets, HTML. editing, presentation and drawing tools, 
and a database application. OpenOffice.org is translated into more 
than 30 languages so if it’s not available in your language now it’s like- 
ly to be very soon. OpenOffice is also platform agnostic, running on 
all major computing platforms including Microsoft Windows, Mac 


OS X, Linux and Solaris. 


> Looking Back at OpenOffice.org 1.0: OOo Yeah! 

One of the most convenient features of OpenOffice.org 1.0 was the 
integrated export to PDF which allowed you to save documents in a 
standard, read- only format accessible with any operating system. 
That functionality is obviously much enhanced in version 2. 

You didn’t have to worry about training and ramp-up time gouging 
your business productivity. OpenOffice is intuitive with a familiar 
look and feel to other competitive products. Any employee or indi 
vidual accustomed to other office suites will find exactly what they are 
looking for exactly where they look for it. 

If you've still got doubts, here's an important fact: OpenOffice.org 
reads all major file formats from other office products and can coex 
ist with other suites. Long gone are the days of keeping a dark closet 
full of antiquated machines just so you can read your old, dusty files. 
If you have a 25 year-old document, you can open it up like it was cre- 
ated yesterday. 


> OpenOffice.org 2.0: OOo Baby! 
Even though OpenOffice.org was a smash hit with version 1, version 2 
is even better with several enhancements and new features. Among 
those new and enhanced features are: 

an improved and extensively customizable interface with new 
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multipane views, menus, floating toolbars and native 

desktop integration 

a cross-platform database application comparable to Access 
that allows you to create self contained, portable and cross 
platform database applications that are immediately portable 
to users on any operating system supported by the 
OpenOffice.org office suite. 

complete XForms support so it is now easier to create, edit and 
use forms inside documents. Using XForms, documents can be 
more interactive with links between them and data. (XForms is 
the standard defined by the W3C for Web forms.) 

support for up to 65,536 rows of data in a spreadsheet 

major improvements to the spreadsheet and database DataPilot 
feature which enables advanced analysis of data 

native installers so you can install OpenOffice using MSI. CAB 
or .RPM files depending on your operating system 

digital signatures so you use standard digital certificates 

much more 


Linus Torvalds, author of the Linux kernel said, “Given enough eye 
balls, all bugs are shallow.” That said, hundreds of thousands of users 
have participated in the beta testing of version 2, flushing out defects 
and validating it as an enterprise quality piece of software. 

As for the PDF export enhancements, version 2 now gives users 
more control over the quality and size of the PDFs that are gencrat 
ed. It also includes support for links, indexes, forms, thumbnails and 
presentation transition effects. 

Apart from all the other new enhancements in version 2 is the 
adoption of a new open standard format that will help users around 
the world communicate better for years to come. OpenOffice.org 2.0 
is the first office suite to incorporate the new OASIS 
OpenDocument format (ODF) which is a set of XML-based stan 
dards for document creation. Let me explain. 


OASIS (Organization for the Advancement of Structured 
Information Standards) is a not-for-profit, international consor 
tium that drives the development, convergence and adoption of 
e business standards. Distinguished by transparent governance 
and operating procedures, OASIS expressly promotes industry 
consensus and unites disparate efforts. Founded in 1993, OASIS 
has more than 5,000 participants representing more than 600 
organizations and individual members in 100 countries. 


OpenDocument Format (ODI) This consortium of thirty five 


See 


py 
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by Tonia Conger 
re . 


OpenOffice.org 2.0: This Sequel Is Better Than the Original And You'll Never Go Back. 


Open Source Tools Used at Novell 


Product Category Novell’s Role Where can | get the tool 
AppArmor security tool Owner en.opensuse.org/Apparmor 
Evolution integrated mail, address book, Owner gnome.org/projects/evolution 
and calendaring 
Mono software development - Linux Owner mono-project.com/Main_Page 
SUSE Linux Enterprise Server server operating system Owner novell.com/linux 
SUSE Linux Enterprise Desktop desktop — operating system and services Owner novell.com/linux 
Testopia 1.0 test case management tool Owner mozilla.org/projects/testopia 
YaST OS setup and configuration tool Owner novell.com/yast 
Apache 4.1.31 HTTP server Contributor tomcat.apache.org/index.html 
Banshee music Contributor banshee-project.org/Main_Page 
Beagle search tool Contributor beagle-project.org/Main_Page 
Compiz visual effects Contributor en.opensuse.org/compiz 
F-Spot photo management Contributor f-spot.org/Main_Page 
Firefox Web browser Contributor mozilla.com/firefox 
GNOME desktop environment Contributor gnome.org 
Helix media Contributor https://helixcommunity.org 
MySQL database Contributor mysql.com 
OpenOffice.org 2.0 office suite Contributor openoffice.org 
openSSH secure sockets Contributor openssh.com 
openSSL secure shell Contributor openssl.org 
Subversion 1.3.0 source code control - CVS on steroids, Contributor subversion.tigris.org 
rapidly replacing CVS 
Tomcat 4.1.31 Java engine Contributor tomcat.apache.org/index.html 
Xgl intricate graphical operations Contributor en.opensuse.org/Xgl 
Bugzilla 2.22 defect tracking system Decision-maker bugzilla.org 
(This is customized heavily with internal integrations into other systems; however, it works great out of the box. ) 
Big Brother network services monitoring User bb4.org 
Bluefish Web authoring User bluefish.openoffice.nl/index.htm| 
CVS 1.11.1p1-16.n1 source code control - concurrent User nongnu.org/cvs 
versions system 
Dojo 0.3 Javascript toolkit User dojotoolkit.org 
Eclipse 3.1 Integrated Development Environment User eclipse.org 
and various plugins 
Gaim 1.5.0 multiprotocol instant messaging (IM) client User gaim.sourceforge.net 
GCC programming language compiler User gcc.gnu.org 
Gimp image editing User gimp.org 
Google AJAX toolkits Web toolkit for building Java apps User code.google.com/webtoolkit 
JBoss jms 4.0.3 SOA messaging and application server User jboss.org 
Mailman 2.1.3 list server software User gnu.org/software/mailman/index.htm! 
MediaWiki 1.5.8 most widely used Wiki engine User mediawiki.org/wiki/MediaWiki 
Nvu Web authoring User nvu.com/index.php 
OpenLDAP platform-independent LDAP protocol User openidap.org 
Perl 5.8.3 programming language User dev.perl.org 
PHP 4.3.4 programming language User php.net 
Plone 2.1.3 content management system User plone.org 
PostgreSQL database User postgresql.org 
Prototype Javascript framework User prototype.conio.net 
Python programming language User python.org 
Quanta+ Web authoring User quanta.kdewebdev.org 
Reiser file system User namesys.com 
Rsync incremental file and directory transfer User rsync.samba.org 
and synchronizer 
Samba file and print services User samba.org 
Saxon 8.7 XML parser User saxon.sourceforge.net 
Squirrel 2.2 SQL front end User squirrel-sql.sourceforge.net 
Synergy 1.3.1 mouse and keyboard sharing User synergy2.sourceforge.net 
Twiki 20040902 Wiki engine that allows restricted subWebs User twiki.org 
ViewVC 1.0-dev (pre-release) browser-based view into MySQL User yolinux.com/TUTORIALS/VNC. html 
database tables 
VNC remote desktop User 
WireShark (previously Ethereal) network protocol analyzer User wireshark.org 
WordPress 2.0.2 blog engine User wordpress.org 
Xoops 1.0 RC 3.0.5 project collaboration User xOOps.org 
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The OpenOffice.org project mission statement reads: “To create, 
as a community, the leading international office suite that will run on all major 
platforms and provide access to all functionality and data 
through open-component based APIs and an XML-based file format.” 


vendors and individuals (including IBM, Sun, SAP, Oracle, Novell 
and Adobe) got together and decided to standardize basic office 
suite capabilities including saving and exchanging the office docu 
ments you know and love like memos, reports, books, 
spreadsheets, databases, charts and presentations. This standard, 
called OpenDocument Format (ODF), is publicly accessible and 
can be implemented— royalty free— into any open source or 
closed proprietary product. 


ODF was created specifically to provide an open alternative to 
proprietary document formats so organizations such as yours 
could avoid vendor lock-in. It also enables document portability 
which lets you open documents created with different office 
suites on different platforms. Perhaps the most significant busi 
ness benefit ODF offers is the preservation of older documents. 
Given a document's lifecycle can last years and years, there's a 
risk that very old documents are unreadable by newer office 
suite versions: however, since each document format is based on 
the same set of standards, they can be preserved, opened and 
edited indefinitely. 


Though many office suite applications support the 
OpenDocument Format, not all have agreed to play. Regardless, 
ina research document dated May 12, 2006. Gartner predicts that 
by 2010, ODF document exchange will be required by 50 percent 
of government and 20 percent of commercial organizations. 


nongovernmental organization (NGO). its ability to set standards 
which often become law through treaties or national standards 
makes it more powerful than most NGOs, and in practice, it acts 
as a consortium with strong links to governments. Participants 
include several major corporations and at least one standards body 
from each member country. 


Some ISO standards of interest include the following: 

- ISO 6709: Standard representation of latitude, longitude and 
altitude for geographic point locations 

+ [SO 9660: CD-ROM file system aimed at supporting different 
computer operating systems 

* 1S$O 7001: Public Information Symbols standardized the icons 
for locating toilets, car parking and information throughout 
the world. 


I'm thinking of suggesting an ISO standard myself; one that elimi 


nates big pointy collars, anything made of polyester and any band 
reunion that doesn’t include all the original band members. 


“With adoption of ODF by ISO/IEC, 


software that implements the standard will 


now become more attractive to 
those European and other government 
purchasers for whom global adoption 


by ISO/IEC is either desirable or required.” 


Dawn Kawamoto, CNET News.com 


“Productivity applications such as 
OpenOffice 2.0, Sun Microsystems’ StarOffice 8 
and IBM’s Workplace support OpenDocument. 
Microsoft, however, is not supporting 
OpenDocument and instead is seeking ISO 
standardization for its own Office 
Open XML formats.” 


Dawn Kawamoto, CNET News.com - 


OpenOffice.org Easter Eggs 


So, OpenOffice.org aims to provide the same functionality as 
Microsoft Office emulating its look and functionality where suit 


| 1 In Calc, enter =Game(‘StarWars”) into any cell and get a playable 
version of Space Invaders 

2 In Calc, enter =Game(A1:C3;"TicTacToe”) into cell A4 for a 
playable version of the game | 


ISO/IEC Good news came May 3, 2006 when OpenDocument 
Format was ratified by members of the International 
Organization for Standardization (ISO) and the International 
Electrotechnical Commission (IEC). While ISO defines itself as a 
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Exchanging documents with others that still use Microsoft Office becomes seamless. 
OpenOffice.org has even been able to open files of older versions of Microsoft Office 
and damaged files that newer versions of Microsoft Office itself even couldn’t open. 


OpenOffice.org Programs 


Writer 

Similar to Microsoft Word, Writer is the word processor available with 
OpenOffice.org. With Writer, your end users can author documents, 
export them to PDF with no additional software, and can also edit Web 
pages using Writer as a WYSIWYG HTML editor. Familiar functions such 
as tracking changes, document formatting and mail merge is essentially 
the same experience. 


Calc 

The spreadsheet app, which is similar in features to Microsoft Excel, 

is Calc. It provides several features not present in Excel including a 
system which automatically defines series for graphing, based on the 
layout of the user’s data. Calc now also offers Visual Basic Macros and 
pivot table support for a truly seamless spreadsheet experience. Similar 
to Writer, Calc can save as a PDF file, allowing data to be reviewed 

by different individuals within your organization without the threat of 
unauthorized edits. 


Impress 

A presentation program with a similar experience to Microsoft PowerPoint. 
Impress has the ability to create PDF files as well as export presentations 
to Macromedia Flash (SWF) files which allows you to run them on any 
computer with the Flash player installed. If your end users are working on 
a presentation, Impress has readily available templates you can download 
from the Internet. 


Base 

Base is new to OpenOffice.org 2.0. A database program similar to Microsoft 
Access, Base enables your end users to create and edit databases and 
build forms and reports for analyzing your data. Similar to Access, Base 
works as a front-end to a number of different database systems, including 
Access databases (JET), ODBC data sources and MySQL/PostgreSQL. 


Draw 

Comparable in features to CorelDRAW, Drawis a vector graphics editor featuring 
versatile “connectors” between shapes, which are available in a range of line 
styles and facilitate building flowcharts and other drawings. End users can use 
Draw to create graphics that visually define your enterprise products/services. 


Math 

Like Microsoft Equation Editor, Math is a tool for creating and editing 
mathematical formulae. These Formulae can be embedded within other 
OpenOffice.org documents, such as those created by Writer or Calc. With 
Math, your end users can create documents such as invoices, save them 
to PDF and send them electronically to your clients. 


Macro Reader 

Macro Reader is used to automate tasks by recording user actions and 
replay them later. Similar to Microsoft Visual Basic for Applications (VBA), 
Macro Recorder is available in both Writer and Calc. In addition to being 
based on StarOffice Basic, OpenOffice.org 2.0 Novell Edition supports 
running Microsoft VBA macros. 
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Structure of a Spreadsheet 

A spreadsheet is made up of individual shpate, Each sheet contains various cells, arranged in 
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able. It can also read and write most of the 
file formats found in Microsoft Office and 
many other applications. The ability to read 
and write Microsoft Office documents is an 
essential feature of the suite for many users 
because they exchange documents with 
organizations throughout the world that still 
use Microsoft Office. This exchange 
becomes seamless. OpenOffice.org has been 
found to be able to open files of older ver 
sions of Microsoft Office and damaged files 
that newer versions of Microsoft Office itself 
couldn't. Hmm. 

OpenOffice.org 2.0 includes CALC, a 
spreadsheet application like Excel. Cale 
delivers additional features such as Visual 
Basic Macros and pivot table support; lending 


> OpenOffice.org 2.0 Novell Edition: 
OOo La La 

Novell is the number two contributor to the 
OpenOffice.org project which puts it in the 
valuable position to be able to address 
defects found by customers and the commu- 
nity and drive needed enhancements back 
into the product. 

The Novell Edition delivers support for 
Microsoft Word and Excel password pro 
tected files so you can continue to protect 
your document security. Also included are 
extra fonts for greater document fidelity and 
compatibility with other office suites. This 
makes document exchange fool proof— ren 
dering the same document regardless of the 
original format. 


Novell is the #2 contributor to the 
so falter project which 
puts it in the valuable position of 
addressing defects found by 
customers and the community 
and driving needed enhancements 
back into the product. 


toa familiar and thorough spreadsheet experi 
ence for your bean counters. If your end users 
don’t experience parity when switching to the 
new office suite, the transition might be 
painful. With the addition of Visual Basic 
Macros and pivot table support, everyone ts 
happy, all the time. 

Another feature new to v2.0 which will 
really knock your socks off is the native 
widget toolkit. These native widgets match 
the theme of OpenOffice.org 2.0 to what 
ever operating system you are using with 
the help of icons and typeface rendering 
libraries. If you're on Linux, OpenOffice 
will adjust to match attributes of Linux, 
and the same goes for other platforms. The 
benefit of native widgets is a consistent 
experience for the user. Without this toolk 
it OpenOffice might stand out like a pair of 
red socks, against the rest of your applica 
tions. But with them, you experience 
nothing short of a consistent, streamlined 
power suit! 


Another important benefit to boast is the 24/7 
technical support for which Novell is known; your 
enterprise will always have an OpenOffice.org 
expert to call when something is unclear. 

If you haven't yet made the leap to the 
Linux platform, don’t despair. A Windows 
version of OpenOffice.org 2.0 is also avail 
able from Novell. This version gives your end 
users the opportunity to take OpenOffice 
for a spin and experience the parity. Once 
they're on board, a decision to move to Linux 
won't cause delays in worker productivity. 

Not just lipstick on a pig, it introduces many 
notable new and functional features, and brings 
with it the validation of a worldwide communt- 
ty that continues to grow. So closely tied to its 
users, OpenOffice.org is regularly improved by 
contributors such as Novell, incorporating rec 
ommendations made by its user community. 
So, my friend, retire your 8-TRACK, burn 
those leg warmers and stop lamenting the 2005 
tour of Twisted Sister. OpenOffice.org 2.0 is 
truly a revised version you can applaud! N 
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Securing Your Applications: 
Deploying Novell AppArmor With 
ZENworks Linux Management 
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n the last issue of Novell Connection, we got a glimpse of some 
of the new features of SUSE Linux Enterprise 10 that make this a 
standout product and place it above competitive offerings when it 
comes to addressing the needs of enterprise users. Chief among those 
requirements is the protection of corporate assets and compliance with 
strict regulations, even as the threats against those assets are escalating. 

‘To better meet the needs of business users, Novell has contributed 
an extra layer of security with its SUSE Linux Enterprise 10 release. 
AppArmor is an open source project led by Novell that delivers a 
unique profile-based security to Linux systems (both server and desk- 
tops) and provides businesses with very granular control over what 
the deployed systems can and cannot do. 

Last quarter in Novell Connection, we learned how AppArmor clos 
es the door on application breaches, and allows developers and system 
administrators to effectively wrap a layer of security around each 
individual application. In this article, we'll give you a recipe for using 
ZENworks Linux Management to distribute AppArmor security 
profiles to multiple servers within your organization, and talk about 
some of the new security features in development for AppArmor. 


> The Threat Inherent in Vulnerable Applications 

Software flaws in complex applications provide attackers with an 
avenue to compromise systems that host critical data in the enter- 
prise. Firewalls and other forms of perimeter security only solve part 
of the problem because businesses have to open their network to 
access by customers, partners and mobile employees. So the perime- 
ter essentially shrinks down to the machine that hosts the critical 
data. IT organizations str ugele to keep these machines patched to 
protect against the latest exploits, but this reactive security strategy 
still leaves businesses exposed. 

With experience, hackers are becoming faster at exploiting a vul- 
nerability and sometimes a hacker may be the first to discover the 
vulnerability. A zero-day exploit is one that takes advantage of a secu- 
rity vulnerability on the same day that the vulnerability becomes 
generally known leaving businesses little or no time to download, test 
aril apply patches to their systems. 


> Introducing AppArmor and ZENworks Linux Management 
AppArmor is an application security framework, integrated with SUSE 
Linux Enterprise, that provides mandatory access control for programs, 
protecting against the exploitation of software flaws in applications that 
can lead to compromised systems. AppArmor provides a way to lock 
down those systems so that software flaws, whether they are known or 
unknown, can’t be exploited to compromise the system. 

And AppArmor solves the problem of zero-day exploits by providing 
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a proactive security model that enforces good application behavior 
regardless of the type of attack. The AppArmor framework consists 
of a complete set of tools that facilitates the development of custom 
security policies so you can effectively deploy security policies for 
open source, commercial and custom applications with only about a 
half day of training. 

Novell ZENworks Linux Management makes it easy to embrace 
and extend Linux in your existing environment. It is the only solution 
that uses Policy-Driven Automation to deploy, manage and maintain 
Linux resources. It also provides automated and intelligent policies 
that allow centralized control across the lifecycle of Linux systems for 
desktop lockdown, imaging, remote management, inventory and soft 
ware management. The result is a comprehensive Linux management 
solution that dramatically reduces the overhead needed to manage 
Linux systems. 

After you update an AppArmor profile, you might want to distribute 
the new profile to systems with similar configurations. Though you can 
do this with a Linux shell, ZENworks Linux Management provides an 
casy, fast and reliable method to distribute AppArmor profiles. This 
article provides a recipe for distributing updated AppArmor profiles 
using the ZENworks Linux Management bundle interface. 


> Getting Started 
Here's what you'll need to start distributing AppArmor policies 
using ZENworks: 
Two or more SUSE Linux Enterprise Server or Desktop 
machines with ZENworks agents installed (one as the server) 
* Novell AppArmor installed and enabled on machines to be 
managed by ZENworks 
AppArmor RPM creation script 
(download instructions below) 
* Some ZENworks knowledge 
* A ZENworks-compatible Web browser (such as Firefox) 
OPTIONAL: Some knowledge of bash commands and vi 
* OPTIONAL: Knowledge of RPM package creation 


> Creating and Distributing New Profile RPMs 
It’s easy to create new AppArmor profiles using the static analysis and 
learning mode tools included as part of the AppArmor framework. 
See A Hardened Backend in the Q2 2006 issue for detailed instruc 
tions, or take a look at the AppArmor User's Guide at 
novell. com/documentation/apparmor. 

Now, let’s say we have just created an AppArmor profile for the 
Gaim chat client included on the GNOME desktop. This is an appro- 
priate application to secure because it listens to an open network port 


AppArmor provides a way to deg dow 
whether they are known or unknown, can’t 


on your desktop and is therefore vulnerable to outside attackers. The 
AppArmor profile for Gaim will be called something similar to 
opt.gnome.bin.gaim and is in the directory /ete/apparmor.d/. 

Now, let’s distribute this profile to a number of similarly config 
ured machines. To distribute this profile using ZENworks Linux 
Management, you need to package it as an RPM. You can create 
the RPM manually, or by using a script that Novell has created 
which does most of the work for you, including version control, 
placing the profile in the appropriate directory, and making sure 
any abstractions used in the profile are packaged up and delivered 
to the target machines. 

Whether you are planning to use the RPM script or create an RPM 
manually, first download the RPM script because it contains a few 
packages important for the completion of either process. To down- 
load the AppArmor RPM script, go to opensuse.org/apparmor and click 
on the AppArmor _RPM_ script link. 
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> Manual Creation of RPM 

Once you have the AppArmor RPM script, open a terminal window 
and follow these instructions to build an RPM from this profile: 

| Move to the directory that contains AppArmor profiles. 

cd /etc/apparmor.d/ 


2 Prepackage the profile you want to distribute. 
tar cvzf apparmor-profile-thisprofile.tgz thisprofile 


3 Move the tar file to the RPM source directory. 
mv apparmor-profile-thisprofile.tgz 
/usr/src/packages/SOURCES/ 


+ Move to the directory with the RPM specfile template 
/usr/src/packages/SPECS/apparmor-profile- 
template.spec 


tah 
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Figure 1 When creating a new bundle on the E 
bundle, the display name, the folder and an opti 


Home Devices Policies 


Bundles > Create New Bundle 


Create New Bundle 
> Step 2: Name and Description 


Enter a name. display name. location. and description for this new Bundle 


Name: 
lapparmor- -profile-sshd- 1- : 


Display Name: 
parmor-profile-sshd-1-1 


Folder: 
undies 


Description: 
ipdated sshd proty Te 


“ 


Figure 2 You can choose the target platform as 
installation on that platform using the RPM File Upic 
also choose to freshen the RPM. 


il as the type of 
oad dialog, You can 
RPM File Upload 


et platform, install type, and whether « 
se button to find the RPM file to upload 


yw Not this RPM shoul 


Then cli 


Target Platform: | suse-93-1S86 


Install Type: 
I” Freshen (upgrade only if installed) 


[ Auto-Detect 


RPM File to Upload: 


|/var/tmp/apparmor-profile- sshd- 43 L.noarch.rpm 
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5 Copy (don't move) the template file to an appropriate name. For 
example, if you are distributing a new Gaim profile, copy the file 
to “apparmor-profiles-gaim.spee”. You might want to append the 
version number to the spec file, though this isn’t required. 

cp apparmor-profile-template.spec 

apparmor-profiles-gaim.spec 


6 If this is not the first time you've updated this profile, launch a 
text editor (such as vi), and increment the number in the 
“Release:” field and resave the spec file. 

Update the following fields to appropriate values: “Summary”, 
“Name”. “Sourceo”, “Provides:”. Also update the install and 
%file lines. 

8 To build an RPM, do the following: 

rpmbuild -ba apparmor-profile-gaim.spec 


~] 


9 Go to the section “Uploading RPMs with ZENworks” below 
to finish. 


> RPM Creation Using the Provided Script 

Here’s an alternate method for creating an AppArmor profile RPM 
using the script you downloaded earlier. 

| Execute the RPM building script. 

perl /usr/sbin/pkg-aa-profile.pl 


2 Answer the questions when the script prompts you. You'll need to 
know the name of the profile (for example, opt.gnome.bin.gaim), 
and optionally a release number. The release number is necessary 
to differentiate between different RPMs that might be created on 
different machines. It will default to ‘TV’ if nothing is entered. 

3 An RPM will be created in the /var/tmp/ directory. 


either before or after the bundle has been distributed. 


Home Devices Policies Bundles Reports Configuration 


Bundles > Create New Bundle 


Create New Bundle apparmor-profite-sshd-1-1 
<= Sep 4: Detribution Scripts 


that will be run before and after the bundle is 


Pre-Distribution Script: 


Executable Type: 


Post-Distribution Script: 


Executable Type: 


> Uploading RPMs with ZENworks 

The ZENworks Control Center, a Web-based tool for administering 
ZENworks features, is available with ZENworks Linux Management. 
Once you authenticate to the system, your browser goes to the 
ZENworks Linux Management home page which gives an introduc 
tion to the system and instructions on the basic functions of 
ZENworks and the Control Center. 

The Control Center lists all your devices grouped by server and 
workstation. This list features inventory, assigned bundles (such as 
sets of RPM packages to deliver), and other information about each 
of your devices. From the ZENworks Control Center, you can assign 
RPM packages to be delivered in bundles and installed to any device 
or groups of devices. 


‘To upload RPMs to ZENworks Linux Management, do the following 

Log in to the ZENworks management interface. 

Select the Bundle tab in the ZENworks interface. 

Select New, then Bundle from the drop-down menu. 

Select RPM Package Bundle and click Next. 

Enter a Name, and optionally a Display Name and Description. 

Click Next. (SEE FIGURE 1.) 

6 Click on Upload RPM. Click Browse and go to the /tmp/var 
directory. Select the RPM you created. Click Open. The name of 
the file should appear in the text field. Click OK, then click Next. 
(SEE FIGURE 2.) 

7 Leave the settings for the Pre- and Post-distribution scripts at 
“None.” Click Next and repeat it for the following dialog. 

(SEE FIGURE 3.) 
8 At the confirmation screen, click Finish. 


A Bw he 


There will be a pause, then you should see a success screen. 
Click OK. 
Figure 4 he AppArmor Profile Dialog, you can examine the details of a 


single profil Y add, edit or delete entries 


in this form you can view * 
and modify the contents of 
an individual profile. For 
existing entries you can 
double click the 

permissions to access a 
modification dialog 


Permission Definitions: 


¢ AppArmor Profile Dialog 


AppArmor profile for /optignomebin/gaim 


| File Name Permissions 
‘#include abstractions/audio 

include abstractions/base 

#include abstractionsibash 

#include abstractons/consoles 

#include abstractions/gnome 

#include abstractions/‘Ade 

#include abstractions/nameservice 
#include abstractions/per| 

#include abstractions/user-tmp 

Jbintdash 

ddevirandom 

Jetciesd.conf 
fetcfopt’gnome/pango/pango modules 
/etcioptignome/panga/pango64 modules 
JoptMozillaFirefox/binsirefox.sh 
Joptignomeybinégaim. 
Joptignome*bin/gnome-open 
doptignomelib/GConti2igconfd-2 


® profile 


ete profile 


Add Entry ~ 
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For more information or to have a Novell Representative contact you, please visit novell.com/ncmconnect. 


> RPM Distribution Using ZENworks 

Now that we have developed a profile, creat 

ed an RPM for that profile and uploaded it 

into ZENworks Linux Management, it’s 

time to distribute that profile to our target 

machines. Just a few more steps and we'll be 

finished! 

| Login to the ZENworks management 
interface (if you have not already). 

2 Select the Bundle tab in the ZENworks 

interface. 

You should see the name of the bundle you 

created in the previous section (such as 

apparmor-profile-gaim-1.1.rpm). Click on it. 

+ Select Add from the drop-down menu. 
Select Add again at the next screen. Now 
you will see a pop-up box. Select the 
appropriate group from the list, such as 
Workstations. Click OK. Click Next. 

5 Select Relative to Refresh from the drop 

down menu for both of the following 

forms. Click Next each time. At the 

Special Flags screen, click Next. 

At the confirmation screen, click Finish. 
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> Confirming the Bundle Installation 
ZENworks bundle updates work on a 
schedule, and the bundle installation will 
occur on the next scheduled refresh. 


> Checking Bundle Status 

You can check for success or error messages 
in the bundles screen by clicking on the 
name of the bundle. You may 5 click on 
Refresh link on the right-side menu to see 
pending events related to the bundle. 


> Checking or Changing the Refresh 
Schedule 
| Select the Device tab. 


2 Select the appropriate group related to 
the host you want to configure. 
3 Select the device (hostname or 
system alias). 
+ Select Settings. 
5. Select the Device Refresh Schedule tab. 
6 If you previously changed the refresh 
schedule, skip this step. This option will 
not be available. Otherwise, click the 
Override settings link. 


7 Change the Days, Hours and Minutes 
fields to the numbers you want. For 
example: “o” Days, “o” Hours, “30” 
Minutes, will make the system refresh 
every 30 minutes. 


The refresh schedule will 
not be updated until the next 
refresh event. 


> Conclusion 

AppArmor secures individual applications 
against latent defects and protects an entire 
system against a particular threat, such as a 
network attack, by protecting all applica- 
tions that face the network. AppArmor was 
designed for usability to meet the needs of 
most Linux users, both home and enterprise. 
SUSE Linux Enterprise includes the 
AppArmor framework, a set of default secu- 
rity profiles and a comprehensive tool set for 
developing custom profiles. ZENworks 
Linux Management is a powerful solution to 
deploy, manage and maintain Linux resources. 
Using ZENworks Linux Management, you 
can easily deploy AppArmor profiles from 
a central location to multiple machines in 
your enterprise. N 


Additional Reading 
AppArmor Information, Novell, 
novell. com/apparmor 


ZENworks Product Information, Novell, 
novell. com, products/zenworks 


AppArmor Whitepaper, Novell, 
novell. com, collateral/4821055/4821055.pdf 


AppArmor, Documentation for versions 1.2, Novell, 


| novell. com/documentation/apparmor, 


AppArmor Software Download, OpenSUSE, 
Attp;//en.opensuse.org/Apparmor 


RPM Howto (dated, but useful), rpm.org, 
rpm.org/RPM- HOWTO, 


Packaging Software with RPM, IBM, 


Aupy/www-128.ibm.com/developerworks/library/L-rpm 1 
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uppose that for the last several weeks you have been sub- 
mitting project proposals to be considered and hopefully included in 
the 2007 IT budget plan for your company. The overall plan has final- 
ly been pulled together and you have been summoned to the final IT 
budget review. As the meeting opens, your boss thanks everyone for 
all of the hard work they have put into the budget process. The first 
slide your boss shows on the screen is a comprehensive list of all the 
projects that had been submitted. Wow! Besides your projects, many 
others had been submitted and several had very important and strate- 
gic-sounding titles. As the boss moves quickly through the next few 
slides, you notice the overall dollar figure allocated to next year’s 
budget seems huge, even though it is accompanied by phrases from 
the boss like “doing more with less” and how it really is possible to 
“squeeze blood from a turnip.” With that much money on the table, 
you hope more than one of your projects will be funded. 

As the final slide comes up, everyone starts to chatter. The normally 
calm IT demeanor becomes the chaos of dozens of startled exclama- 
tions and mini conversations. The title bar reads “Approved 2007 
Budget Projects.” Why the commotion? Below the title bar you read 
only three items: 
| Upgrade Hardware to Support Microsoft Vista 
2 Renew Microsoft Enterprise Agreement 

(with software assurance) 

3 Roll out Microsoft Vista and Office 2007 

(when they are finally available) 


You can’t believe your eyes. Every strategic project was being put on 
hold while the entire IT budget was being allocated to (or decimated 
by) one vendor. When the room is finally quiet, the boss steps back up 
and thanks everyone again for their hard work and opens the meeting 
up for questions. As the shock of the plan falls onto the crowd, one of 
the more senior IT administrators raises his hand. His question is sim 
ple: “Are you serious?” The boss’ reply, which will forever echo through 
your mind, was both short and ominous: “What choice do we have?” 


> You Always Have A Choice 

The Novell Open Workgroup Suite was announced at Novell 
BrainShare 2006. It was highlighted in a recent article in the Novell 
Connection magazine. (See The New Novell Open Workgroup Suite in the 
2nd Quarter 2006 issue or online at novell com/connection- 
magaxine/2006/q2/suite_deal html) \t represents a complete workgroup 
productivity solution from desktop to server and includes networking 
and infrastructure services, collaboration tools and resource and sys- 
tems management—as well as an open desktop environment and office 
productivity suite. The industry has taken note, and many organiza- 
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tions are already deploying this open, cost-effective alternative to a 
Microsoft-based workgroup infrastructure. But understanding that 
other organizations want to make the shift in phases, this article will 
give you practical ideas on leveraging specific components of the suite 
to save money, increase flexibility and position you to take advantage 
of a full, open standards-based solution when the time is right. 

If you're reading this article, you more than likely manage Net Ware 
and/or Windows servers and use at least one other Novell solution, 
for example, GroupWise or ZENworks. You might have dabbled with 
Linux, extended or repaired directory schemas, and you know that the 
term GINA refers to a graphical interface for identification and 
authentication and not your coworker’s girlfriend. Every day you arm 
yourselves to fight in the [T war being waged both inside and outside 
your company. The reason for battle is clear: The enemy is within the 
walls. But who or what is the enemy, and how can the Novell Open 
Workgroup Suite help you in your daily fight? 

This is the first in a series of articles in which I will provide steps 
and strategies to help IT shops, both large and small, identify the 
enemy within their walls and win the IT war. We'll lay out a battle 
plan, or roadmap, to successfully get from point A to point B, utilizing 
many of the tools and solutions found in the Novell Open Workgroup 
Suite. The technologies included in the Novell Open Workgroup 
Suite empower you to make choices (rather than locking you in) while 
helping you be flexible as your ['T landscape changes. 

Now let’s be honest: working in IT is really about minimizing dis- 
ruption while maximizing productivity, all at a reasonable cost. This 
article focuses on what you can do today to shore up, extend and protect 
your current IT investments using just a few of the technologies 
found in the Novell Open Workgroup Suite; and do so without dis 
ruption to your users. In subsequent articles we'll discuss how you can 
best determine your blend of heterogeneity, and in the process, look 
for ways to significantly reduce your costs of owning and managing 
the desktop. I'll also show why the term “Workgroup” is a vital part of 
the Novell Open Workgroup Suite name, and how it can lead to 
greater productivity at lower costs. 

Finally, I'll explore what it means to bring your company the bene- 
fits of Linux in the workgroup and how you can successfully get 
there.Now let’s be honest: working in IT is really about minimizing 
disruption while maximizing productivity, all at a reasonable cost. 
This article focuses on what you can do today to shore up, extend and 
protect your current IT investments using just a few of the technolo- 
gies found in the Novell Open Workgroup Suite; and do so without 
disruption to your users. In subsequent articles we'll discuss how you 
can best determine your blend of heterogeneity, and in the process, 
look for ways to significantly reduce your costs of owning and manag- 


“If you know the enemy and know yourself, 
you need not fear the result of a hundred battles.” 


ing the desktop. I'll also show why the term “Workgroup” is a vital 
part of the Novell Open Workgroup Suite name, and how it can lead 
to greater productivity at lower costs. Finally, V'll explore what it 
means to bring your company the benefits of Linux in the workgroup 
and how you can successfully get there. 


> Know the Enemy And Know Yourself 

Who is the enemy that IT departments do battle with on a daily 
basis? According to Sun Tzu (a general who lived in the 6th century 
BC and was a contemporary to one of the greatest Chinese thinkers 
of ancient times: Confucius), it is vital to know who the enemy is so 
you can know how to fight to win. He wrote a very influential book 
on military strategy entitled The Art of War. 

Some of you might wonder who the enemy is I keep referring to. No, 
the enemy is not Microsoft. The enemy relates to control, or rather lack 
of control over your I'T infrastructure. In many cases, very unintentionally, 
an IT department is its own worst enemy. They continue down paths 
paved years before, without knowing the reasons why, or challenging the 


Sun Tzu 


rationale for processes they follow. The first step toward fighting the 
enemy and regaining control of your infrastructure is to know yourself; 
meaning know what your IT infrastructure consists of. Doing this 
means bringing every device out of darkness and under management; 
knowing what every device consists of and where it is. 

The Novell Open Workgroup Suite is comprised of several key 
server and workstation technologies and solutions. (See Hitting The 
Suite Spot.) The key to bringing every device under management is to 
install the ZENworks 7 agents on every device, specifically the Asset 
Inventory component. (See ZENworks 7 Components.) 


Start Small 
Asset Management is a fairly recent addition to the ZENworks suite 
of products. If you haven't used the Asset Inventory feature of 
ZENworks 7, then | recommend you start small. Asset Inventory has 
two different modes of deployment: 

stand-alone 

enterprise 


Figure 1 ZENworks Asset Inventory Basic Configuration. The stand-alone deployment mode runs all of the server processes on a single machine, including an MSDE 
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The stand-alone deployment mode runs all of the server processes 
ona single machine, including an MSDE database which is used to 
store all of the collected inventory information. (Si) 1 }GURE 1.) 
The stand-alone deployment mode is good for evaluations and pilot 
projects. Even if you are familiar with Asset Inventory, you should 
start with a small sample of representative machines so you become 
familiar with the types of inventory you'll be collecting, and under- 
stand the potential customizations you might want to implement. 
Asa part of the initial data collection, you can involve users in the 
processes. When a scan takes place, users can be prompted to enter 
indirect inventory information—such as the department or the 
user’s phone number— you want included in the inventory details. 
Once you collect your first round of data, look at a workstation 
detail report to see if you like the level of detail you are getting. 
While Asset Inventory includes an extremely detailed database of 
commercial applications, it obviously won't recognize any applica- 
tions that have been developed in house. By reviewing the FNI 
(Files Not Identified) section of the report, you can see what appli 
cations were found but were not matched to any known applications 
in the database. You can provide your own data to identify these 
applications so the applications will be recognized and reported on 
subsequent scans. Once you get your initial data collection the way 
you want it, expand your scope to include another group of 
machines, gather your new inventory, scrub and customize your data, 
and expand your scope again. There have been several articles in 
previous editions of Novell Connection magazine focusing on Asset 
Management and ZENworks. (See Manage Your Assets in the 
May/June 2005 issue or online at novell. com/connectionmagaxine/ 
2005/05/tech_talk_s.html) The important thing to remember here is 
to start small, get your data sets configured the way you want and 
then expand out. 


> Move Not Unless You See An Advantage 

Once you have collected all of the inventory data for your environ: 
ment, you can standardize all of your Windows systems on Windows 
XP. Why Windows XP? Surprisingly, Sun Tzu provides some insight. 


“Move not unless you see an advantage; 
use not your troops unless there 
is something to be gained; fight not 
unless the position is critical.” 
Sun Tzu 


In other words, if you're looking for a more open alternative to 
Windows in the long term, you shouldn't be spending money to 
upgrade it in the short term. With the impending (somewhere on the 
horizon) release of Windows Vista and Office 2007, where is the real 
advantage? Will Vista be a nondisruptive force, increasing productiv 
ity at a reasonable cost? Or are you more inclined to make the move 
to Linux, realizing the benefits that open standards bring to work 
group support and productivity? If this is the case, but you want to 
make the transition at your own pace, it’s reasonable to secure your 
Windows XP environment and leverage additional life from it as you 
deploy SUSE Linux Enterprise Desktop—also included in the 
Novell Open Workgroup Suite—in areas where it makes sense. 

Once you've done this, as we'll discuss in future articles, you can 
gain additional flexibility and cost savings by replacing Windows 
based applications with open alternatives. 

If, in your company, you see an advantage in upgrading certain 
desktops to Vista, the inventory data you collected with the Asset 
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Inventory component of ZENworks 7 will be vital in determining 
which hardware in your environment is Vista ready, which hardware is 
Vista compatible and which hardware is Vista averse. 


> Make Your Position Unassailable 

Once you know what you have and moved your older Windows desk- 
tops to Windows XP or SUSE Linux Enterprise Desktop, it’s 
important to secure your investment. 


“The art of war teaches us to 
rely not on the likelihood of the enemy’s 
not coming, but on our own 
readiness to receive him; not on the 
chance of his not attacking, but 
rather on the fact that we have made 
our position unassailable.” 
Sun Tzu 


Is your current position unassailable? Have you ever been hit by an 
automatic update from Microsoft (SUS/WUS) that keeps you busy 
for days? Have you ever been infiltrated by a worm or virus because 
you failed to deploy an existing operating system patch? This is where 
implementing a Patch Management solution comes into play. 
Without a Patch Management solution in place, you could literally 
spend a full-time resource installing and updating patches in a medi 
um-sized network of 1000 workstations and 10 servers all day every 
day (including weekends). 

That's why the Novell Open Workgroup Suite includes the 
ZENworks 7 Suite, which delivers comprehensive server, desktop and 
handheld management tools. Also as a part of ZENworks 7, users get 
a 90-day evaluation version of Novell's Patch Management solution. 
You need to dedicate a machine to act as the patch server. The disk 
space requirements are fairly significant, because the machine serves 
as a patch storage machine, and some patches (like SP2 for Windows 
XP) can be very large. 

For a small evaluation, 5 GB of free space on the server is sufficient. 
For a fully loaded patch server (which will handle up to 1000 devices), 
the server should have at least 20 GB of free space. If you're doing an 
evaluation, you can use MSDE 2000 (which is limited to 8 concurrent 
connections) that comes with the software. For a fully loaded patch 
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server, MS SQL Server 2000 is required and the number of connec- 
tion licenses needed are dependent on the size and frequency of the 
patching policies that are implemented. 


Strike At What Is Weak 

If you are not familiar with the Novell Patch Management solution, 
you will find it interesting, and extremely valuable, that the solution 
supports more than just operating system patches. Patches from mul- 
tiple vendors including Microsoft, Novell, Adobe, Real, Macromedia, 
Corel, McAfee, Sophos, Authentium, Command, Oracle, Sybase, 
Citrix, IBM, Compaq, Dell, Apple, CA, Symantec, SAP and Norton 
are collected and distributed through Novell’s Patch Management 
Solution. Like everything else Novell does, patching is policy-based 
and can be set up to automate compliance. The Novell Patch 
Management Solution simplifies and automates the entire patching 
process from obtaining the initial patch, which has already been vali- 
dated, to testing, piloting and mass deployment of the patch into your 
infrastructure. (SEE FIGURE 2.) 


“So in war, the way is to avoid what is 
strong and to strike at what is weak.” 


Sun Tzu 


Where are you weak? Do you know? Not only does the Novell Patch 
Management Solution support multiple vendors, it also supports 
multiple platforms —including Linux and Windows 98, which even 
Microsoft no longer supports. Similar to the Asset Inventory solu- 
tion, the Novell Patch Management solution provides a series of 
robust reports providing detailed information on your infrastruc- 
ture’s current state with information on how you should proceed. As 
stated previously, information is power, and the information provided 
the Novell Patch Management solution empowers IT personnel to do 
their jobs more effectively. 
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Patching Costs Beyond 90 Days 

Once the 90-day trial has expired, the cost to continue using the 
Novell Patch Management solution is $18 per device per year. That's 
$1.50 a month or about 5 cents a day per device. Compared with a full- 
time resource needed for a medium-sized network of tooo 
workstations and 10 servers, a little over $18,000 per year represents a 
sizable cost savings. 


> Taking The Offensive 

Charging blindly into the IT war can be fatal for your IT budget, 
detrimental to your user productivity and disruptive to your strate- 
gic position. 


“Security against defeat implies 
defensive tactics; ability to defeat 
the enemy means taking the offensive.” 


Sun Tzu 


The Novell Open Workgroup Suite gives you the ammunition to 
take the offensive. Initially, you can use the Novell Open Workgroup 
Suite to discover your assets, extend your investment and secure it 
while you deploy open alternatives in areas that make sense. This can 
easily be done with little or no disruption to your users or their pro- 
ductivity, at a very reasonable cost. 

In the next two articles we will look into the next steps of how you 
can strategically apply other technologies and solutions from the 
Novell Open Workgroup Suite following this phased approach. We'll 
show you how you can reduce the sizable portion of your IT budget 
likely devoted to Microsoft Office by deploying the Novell Edition of 
OpenOffice.org, which, when acquired as part of the Novell Open 
Workgroup Suite, is supported on both Linux and Windows. We'll 
also discuss open alternatives to other common end-user applications. 
Finally, we'll cover strategies for replacing back-end technologies and 
tools that will save you additional money and prepare you for a Linux- 
based environment. Migrating servers to Open Enterprise Server, 
switching Exchange to GroupWise on Linux and leveraging other 
components of the ZENworks Suite will all be covered. As a result, 
you'll see that you do have a choice when it comes to workgroup pro- 
ductivity, and that it can be open. So stay tuned! N 
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8 Personality Migration 


) Software Packaging 


10 Patch Management 


11. Asset Inventory 
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The IT Infrastructure Library (ITIL), 
Its Best Practices and How ZENworks Asset Management 
Can Help YOU Get There 


48 riirp QuARTER/ 2006 


RR nae ot Re me emer EY 


NOLLOIG 


Aub 


Pte eon nbae 
959 BELAIRE CRETION: 


nless you live on a deserted island, you have probably 
heard of the IT Infrastructure Library—commonly referred to as 
ITIL. If you haven't, see /T Gets It in the March/April 2005 issue for 


more information on ITIL (xovell.com/connectionmagazine/2005/03/ 


tech_talk_2.html), or take a quick look at the What Is ITIL sidebar. 

What you may not be as familiar with, is the importance of soft- 
ware asset management to successful ITIL implementations, or even 
that there is a specific ITIL book dedicated to Software Asset 
Management (SAM). ZENworks Asset management can play a key 
role in automating and supporting several key ITIL best practice 
areas, including Software Asset Management and Service Support. 

This article reviews ITIL best practices and summarizes how 
ZENworks Asset Management functionality can be mapped to spe- 
cific ITIL guidance in these areas. 


Software Asset Management 

While many ITIL projects are centered around Service Support and 
Service Delivery, the ITIL guide to Software Asset Management is 
gaining traction as a process framework for managing enterprise soft- 
ware assets. 

ZENworks Asset Management offers IT managers a host of capa- 
bilities that support and enable ITIL initiatives including Service 
Support, Service Delivery along with Software Asset Management; 
however, the focus of ZENworks Asset Management is in dealing 
with the complexities of IT assets, and software in particular. 


ITIL Books 


The Office of Government Commerce publishes and 
updates books on the following topics: 


* Service Support (Service Desk, Incident Management, Problem 
Management, Configuration Management, Change Management and 
Release Management) 

* Service Delivery (Capacity Management, Financial Management for IT 
Services, Availability Management, Service Level Management and IT 
Service Continuity Management) 

* Software Asset Management (SAM) 

* ICT Infrastructure Management 

* Application Management 

* Security Management 
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SAM Defined 

The ITIL Best Practices for Software Asset Management Guide 
defines SAM as: “..all of the infrastructure and process necessary for the 
effective management, control and protection of the software assets within an 
organization, throughout all stages of their lifecycle.” 

The ITIL SAM Guide consists of 10 chapters that outline every- 
thing from SAM basics to tools and technology. In the following 
sections, we map specific recommendations and guidance to 
ZENworks Asset Management capabilities to show how the product 
supports this important framework. 

Since ITIL deals fundamentally with process, much of the guide 
addresses recommendations around policies, procedures and related 
documentation. As such, only those sections and recommendations 
directly related to tools and technology are addressed in this article. 


ITIL Best Practices to ZENworks Asset 

Management Mapping 

Chapter One: Introduction 

1.4 SAM Principles 

A scalable, structured approach needs to be adopted in order to 
achieve [SAM objectives] for each organization. 

It is impossible to implement an effective SAM process without 
the successful design, development, implementation and maintenance 
of an accurate SAM database, automatically updated from the live 
infrastructure. 


ZENworks: ZENworks Asset Management provides a way to organize 
SAM-related activities around a structured, scalable database. 
ZENworks Asset Management offers a complete, automated 
inventory process, including: 
- agentless network-wide discovery 
agent-based workstation/server inventory with numerous 
automated scheduling/scanning options 
optional input forms to update inventory data 


1.5.1 Managing Risks 
SAM facilitates the management of significant business risks including: 
- legal and financial exposure 
damaged reputation 
unexpected financial workload impact 
security breaches including unauthorized disclosure of 
confidential information 
snexpected problems with acquisitions/mergers/demergers 
interruption of operations 
unsupportable operations 


ZENworks: By enabling an effective SAM program and ensuring 
compliance with software license provisions and intellectual property 
laws, ZENworks Asset Management helps address the key risks out- 
lined in ITIL Best Practices for SAM guide. 


1.5.2 Controlling costs 

* better negotiating position 

* improved strategic infrastructure planning 

* prevention of software over-deployment 

* reduced hardware costs 

* improved software purchasing arrangements 

- reduced cost of internal licenses support 

* reduction in process and direct infrastructure costs 
* reductions in problem-resolution costs 

- potential tax benefits 


ZENworks: With a single location for software asset information, 
ZENworks Asset Management enables an organization’s database; 
you gain the ability to control and reduce costs associated with soft- 
ware licenses, upgrades, maintenance and support. 


1.6.5 Potential issues for implementing SAM 
Underestimating the effort required to identify installed software. 


ZENworks: Accurately identifying software applications (not just 
files) is a core strength of ZENworks Asset Management. Using a 
unique, patented approach based on a Knowledgebase, built and 
maintained by Novell Technology Analysts, ZENworks Asset 
Management identifies and distinguishes: 
* normalized manufacturer, product, edition and version 

suites and suite components 
* category/subeategory 
+ OS and app service packs/releases and OS hotfixes 
- serial numbers 

virus definitions/engines 

evaluation versus full product installs 
* runtime versus full version distinction 
- language editions 
* locally defined products, for example, in-house applications 


1.9.1 Overall baseline recommendations 

Inventories: Create and maintain accurate inventories of software and 
hardware assets including costs, with secure control over access to 
software assets, for example, proof-of license and distribution copies 
of software. 


ZENworks: ZENworks Asset Management offers comprehensive 
hardware and software inventory. Software purchase information 
and proof-of-ownership data can be imported or input to support 
license counts. 


1.9.1 Overail baseline recommendations: 
Reconciliations: Perform regular reconciliations of the following and 
resolve any identified exceptions promptly: 

A. what is actually installed against 

B. what is recorded against 

C. licenses owned 


ZENworks: ZENworks Asset Management includes several methods 
and tools to facilitate the reconciliation of the license view of software 
inventory to purchased products, including: 


Reseller connectors (CompuCom, Softchoice, SH] and 
Software Spectrum) 
Product catalog to aggregate individual purchases and ensure 
one-time reconciliation 

- Autoreconcile tools to match purchased products to discovered 
products 


Chapter Two: Context 

2.1 Special characteristics of software assets 

- Software is frequently upgraded and license conditions can change 
with each upgrade 
End users are asked to agree to licenses during installation and 
are sometimes asked to install and run other programs as 
evaluation software. 


ZENworks: ZENworks Asset Management addresses these software 

specific challenges: 

* Upgrade license records in ZENworks Asset Management can be 
linked to base licenses to create a relationship and record license 
amounts properly 

+ The sophisticated software inventory methods used in ZENworks 
Asset Management distinguishes between full and evaluation 
software for many major manufacturers and titles. 


Chapter Five: Process Overview 

5.2.1 Core Asset Management processes Asset Identification 
ZENworks: The core capability of ZENworks Asset Management is 
asset identification and tracking related asset attributes. 


What is ITIL? 


ITIL was developed by the Office of Government Commerce (OGC) in 
the United Kingdom in the 1980s and provides a comprehensive, con- 
sistent and coherent set of best practices focused on the management 
of IT services and related processes. ITIL best practices are described 
in a series of books published by the OGC and used by many organiza- 
tions worldwide to: 


* develop a common set of terminology for IT and business 
professionals 

* define predictable and reliable IT services that cross IT silos 

* implement IT process improvements and improve service levels 

* reduce the cost associated with IT services and support 

Industry analysts have noted that organizations are using ITIL and other 

process frameworks to move from a traditional IT organization focused 

on technology to a service-oriented IT organization focused on business 

services. Figure A lists attributes of these two types of IT organizations. 


Figure A 
Traditional IT Organization 
technology focus 


Service-oriented IT Organization 
process/service focus 


fire-fighting preventative 
reactive proactive 
users customers 


isolated/silos 
one-off/ad-hoc 
informal processes 

IT internal perspective 
operational-specific 


integrated/enterprise-wide 
repeatable/accountable 
formal best practice 
business perspective 
service orientation 
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5.2.2 Core Asset Management processes Asset Control 
ZENworks: ZENworks Asset Management uniquely identifies assets 
and tracks them through their lifecycle to ensure proper control. 


This information is automatically updated as purchase records are 
imported and inventories are refreshed. So, managers can clearly see 
when licenses are available to be deployed. 


5.2.3 Core Asset Management processes Status Accounting 
ZENworks: ZENworks Asset Management tracks configuration 
details from scan-to-scan and provides comprehensive history reports 
to show changes over time. 


5.2.4 Core Asset Management processes Database Management 
ZENworks: ZENworks Asset Management is based on a core data- 
base that is optimized for asset tracking and reporting. 


5.2.5 Core Asset Management processes Financial Management 
ZENworks: ZENworks Asset Management allows you to record soft- 
ware purchase information, including costs, to provide a financial 
basis for decision-making and analysis. 


5.3.4 Procurement 
During the process of the internal order, a check should be made as to 
whether there are already any available licenses to be used. 


ZENworks: ZENworks Asset Management Web Console provides 
IT and procurement managers easy access license compliance reports 
that show critical information in one view: 
+ licenses owned (entitlements) 
: licenses consumed (installed) 

over/under license status 
* software usage levels 


5.3.4 Procurement 
There need to be corresponding procedures to formally transfer the 
license if management is handled on a decentralized basis. 


ZENworks: ZENworks Asset Management includes a license alloca- 
tion feature that allows purchased licenses to be allocated and 
reallocated based on department, site, cost center and workstation. 


5.3.6 Deployment 
During the deployment stage, all components of a release are 
deployed to their agreed and approved environments. 


ZENworks: Using ZENworks Asset Management in conjunction 
with ZENworks Suite, IT managers can align operations with SAM 
and license compliance data to ensure that deployments do not cause 
compliance violations. 


5.3.7 Operations/Monitoring ongoing operations relevant to SAM 
Identify individual exceptions to SAM policies, for example, instances 
of unauthorized software installed on workstations immediately or 
soon after installation. 


ZENworks: ZENworks Asset Management offers several ways to 
archive this best practice: 
* With the unique Knowledgebase approach to discovery, software 


S owned (entitle- 
(installed), over/under license status, and softv 
2d as purchase records é 
s can Clearly see when licens- 


usage leve 
imported a s are refreshed s¢ 
es are available to be deployed. 


Purchase Records ~ Product Catalog ~ license Records ~ Discovered Products. Reports 


Software Compliance Report Run Date; 5/26/06 


Report Time Period: All History in Database 
View: All, All Platforms Filter: Manufacturers Microsoft 
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Microsoft Project 2000 
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Microsoft Visual Basic Professional Edition 


Microsoft Visual C++ NET 2003 


ZENworks Asset Management easily runs reports that show exceptions 
polic such as software applications that have been recently added or 
tions that haven't been used, or hardware that has had compo- 
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is categorized to help IT managers identify applications that may 
be problematic. For instance, common malware is categorized 

and IT managers can be alerted to its presence on managed 
workstations. 

ZENworks Asset Management allows IT managers to create their 
own categories for applications, for example, nonstandard, so they 
can report and alert based on their own policies. 


5.3.8 Software deployment optimization 


Active software usage (as opposed to just installation or availability) 
should be reviewed periodically to determine whether deployment 
corresponds to end-user needs. 


ZENworks: ZENworks Asset Management includes comprehensive 
software usage tracking and analysis. Once enabled, it automatically 
tracks usage of all applications and correlates it back to known appli 
cations within the Knowledgebase. Data tracked includes: 

* application 

active usage time (foreground window) 

runtime (total time opened) 

number of starts 

last used 

workstation 

user 


What in the World is a CMDB? 
Is ZENworks Asset Management One? 


You can hardly discuss ITIL without explaining the role of the 
Configuration Management Database (CMDB). At the core of the CMDB 
is what ITIL calls Configuration Items (Cls). 


Cls are defined as: Any Component that needs to be managed in order 
to deliver an IT Service. Information about each Cl is recorded in a 
Configuration Record within the CMDB and is maintained throughout its 
Lifecycle by Configuration Management. Cls are under the control of 
Change Management. Cls typically include hardware, software, 
buildings, people and formal documentation such as process 
documentation and SLAs. 


A CMDB is defined as: A database used to manage Configuration 
Records throughout their lifecycle. The CMDB records the attributes of 
each Cl, and relationships with other Cls. A CMDB may also contain 
other information linked to Cls, for example Incident, Problem or Change 
Records. The CMDB is maintained by Configuration Management and is 
used by all IT Service Management Processes. 


Most analysts and practitioners involved in ITIL projects recommend 

a federated approach to building and maintaining the CMDB. The 
federated approach involves a CMDB that only stores a subset of the 
information about Cls, incidents, changes, etc. The federated CMDB 
model involves linking numerous databases and mechanisms with 
which to synchronize (or at least import) data. In this model, the CMDB 
contains baseline information on infrastructure components and their 
relationships such that management can produce reports. 


At its core, ZENworks Asset Management contains Cls, Cl attributes 
and some of the relationships that need to be tracked under ITIL. 
While ZENworks Asset Management does not contain data about 
incidents, problems, requests for change, etc., some organizations 
find that it serves as a good baseline CMDB; however, other 
organizations use ZENworks Asset Management as a “feeder” in 

a federated CMDB model. 


5.4 Verification and compliance 
Any truly effective SAM process will have automated methods for 
trapping noncompliance issues and escalating them to the appropri- 
ate resources for immediate attention. 

The SAM process should not only be capable of trapping and esca- 
lating these issues but also to instigate remedial action. 


ZENworks: Within the ZENworks Asset Management Web Console, 
IT Managers can set alerts for out-of-compliance situations. These 
e-mail alerts can be tailored based on severity, for example, quantity 
of under-licensed situations, so they can be sent to the appropriate levels 
of management. 

Using ZENworks Asset Management in conjunction with 
ZENworks Suite, IT managers can take corrective action to uninstall 
applications to correct compliance violations. Of course, this only 
makes sense if the license is not needed, which can be easily determined 
through software usage information in ZENworks Asset Management. 


8.9 Current purchase records 

Organizations can benefit from having access to current purchase 
records. Some resellers offer a download capability into in-house 
SAM systems for recording all licenses purchased for use in License 
Management. 


ZENworks: In addition to supporting a general import format, 
ZENworks Asset Management includes reseller connectors (current- 
ly including CompuCom, Softchoice, SHI and Software Spectrum) 
whereby specific reports of license transactions from these resellers’ 
Web sites can be downloaded and imported directly into license 
tracking in ZENworks Asset Management. N 


About ZENworks Asset Management 


ZENworks Asset Management, introduced in mid-2005, 
includes comprehensive hardware and software discov- 
ery and tracking along with license compliance and 
software usage analysis. 


Asset Inventory, a core component of ZENworks Asset Management, 
includes network discovery and computer hardware and software asset 
tracking. Asset Inventory is included in the ZENworks Suite and existing 
customers of the following three products with upgrade protection or 
maintenance are entitled to it: 

¢ ZENworks Suite 

e ZENworks Desktop Management 

« ZENworks Server Management 


Built on top of Asset Inventory, Asset Management includes: 
* Software Compliance 

¢ License tracking 

* License view of software inventory 

* Reconciliation and compliance status 

* License allocation 

* Software standards management 


Software Usage Analysis 
* Monitoring 
* Trend reporting 
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By Randy Britton 


Freeing Yourself From the Demands and Restrictions of Provisioning and Software License Compliance 


n its early days, IT asset management revolved around one 
thing: counting. How many PCs do you have? How many copies of a 
certain application do you own? How many PCs are associated with 
those licenses? While the data obtained from enterprise-wide inven- 
tories informed important projects, such as technology upgrades and 
migrations, hardware lease contracts and software license redeploy- 
ments, the fact remained that young IT asset management processes 
were relatively primitive and rarely drove critical business decisions. 
Today, the stakes are higher. Thanks to increasing pressure to prove 
value to the enterprise, IT organizations have evolved their asset 
management strategies beyond simple bean-counting exercises. 
Mature IT asset management (ITAM) programs now proactively 
drive high-level initiatives such as service support and delivery, and 
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are integral to maintaining a healthy bottom line. Software asset man- 
agement, especially, has moved to the forefront as a means of 
complying with regulatory concerns such as Sarbanes-Oxley, and 
meeting the stringent audit requirements of software vendors and 
third parties such as the Business Software Alliance (BSA). 

However, software license compliance is a tall order and recent data 
indicate that current approaches aren't sophisticated enough to meet 
the challenge. According to a recent Forrester report, conversations 
with clients who have implemented ITAM projects indicate that 
around one-third of these projects were unsuccessful; either they were 
one-off Y2K exercises that involved manual ITAM data collection 
that nobody wanted to maintain, or the necessary process and organi- 
zation changes around the TAM project were unsuccessful.! 

There is a fundamental disconnect between what software is provi- 
sioned by the organization, and what actually ends up on users’ PCs. 
Why this disconnect? Because despite enormous advances in software 
access management applications and processes, software provisioning 
remains tied to an inefficient paradigm of associating licenses with 
machines. Stuck in such a cycle, current practices can’t account for the 
movement of employees around an organization, or provide any true 
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insight into license usage versus license requirements, which places I'T 
staff on constant fire watch. When it comes to ensuring license compli- 
ance, then software asset management remains as unevolved as before. 


People, not PCs 
IT departments are used to thinking in terms of nodes. Major tech 
nology purchases and contract negotiations, are most often based on 
the number of PCs residing within the company. On an abstract level, 
nodes translate to employees, but such a thought process is a major 
contributing factor to the failure of license-compliance initiatives. 
Why? Because within this context, asking “How many PCs do | 
manage?” focuses disproportionate attention on machines, not the 
users behind them and forces IT staff back into perpetual inventory 
mode. If you could ask a slightly different question, though—“How 
many people work here?”—you can begin to shift the paradigm. 
Thinking in terms of human—not technology—resources enables you 
to also think in terms of entitlements, not license installations. Instead 
of inefficiently tracking PCs and their associated software, you can 
imagine tracking employees and their needs—a concept that forms the 
basis of a revolutionary new approach to IT asset management. 


Identity-based IT Asset Management: 

Framing the Approach 

The concept of identity-based entitlements is nothing new. 
Enterprise security solutions such as Novell Identity Manager have 
embraced it as an industry standard in authentication for several 
years. (SEE P1GURL |.) While an effective identity management pro- 
gram comprises a variety of interrelated components, which vary 
according to organizational needs and maturity, the common theme 
that glues the components together is role-based access control—that is, 
the process of assigning resource entitlements to individuals based 
upon their function(s) in the organization. 

Borrowing from this approach, an identity-based asset manage- 
ment program would shift attention away from hardware and toward 
individuals. Where licenses were once tied to machines, they would 
now be tied to users; software entitlements would be based on prede 
termined roles, and access to these entitlements—as well as their 
provisioning — would be centrally controlled. (SEE FIGURE 2.) Such 
an approach allows for much greater visibility of licensing across the 
organization, and more streamlined tracking and administration of 
compliance activities. 


Essential components 
Successfully implementing an identity-based asset management pro- 
gram depends upon three key elements: 


1 A clear process, articulated across the organization, for defining specific 
user roles and the software required to successfully perform those roles 
Within the asset management realm, the main objective of role defi- 
nition is simple: To provide the vehicle for associating software 
entitlements to people instead of machines. How you define and 
implement these roles doesn’t matter; why you do it, on the other 
hand, does —for this is the crux of the paradigm shift. Remember that 
current approaches perpetuate the need to inventory machines and 
licenses, then reconcile the two; but a properly deployed role-based 
asset management system guarantees that what you own will always 

jive with what your users are entitled to. 

What's more, under this model, software licenses become portable and 
hardware doesn’t matter—at least in terms of compliance. Freed of con- 
cerns about what's installed where, you can finally move beyond counting 
machines and licenses, focusing instead on more strategic initiatives. 


2 A unified means of tracking users and their associated software 
entitlements 

Once you've defined organizational roles and their related software 
requirements, you need to keep a close handle on the information. A 
centralized repository enables a holistic view of entitlements across 
the enterprise, and serves as your definitive record of authorized 
licenses and their associated users. What this repository looks like 
depends entirely on your organization; regardless, it bears repeating 
that the repository must support the association of users—not 
machines—to entitlements, else the paradigm will fail. 


3 A way to prevent unauthorized “self-provisioning” of resources 

Finally, you need to ensure that, once provisioned, users can’t access 
or install unauthorized software via unapproved purchase and down- 
load, or bringing in software from home, for example. Desktop 
lockdown—while admittedly unpopular with users—may be a simple 
first step. Centralized license management and control—closely tied 
to an official entitlement request and approval process— might be a 
more distant goal. Ultimately, access control should work in tandem 
with your entitlement repository to ensure that all roles and their 
associated licenses are consistently reconciled. 


The Benefits 

A well-planned, well-implemented identity-based asset management 

program leverages software license management activities into signif 

icant financial and productivity gains: 

- Gives greater leverage in contract negotiations to prevent 
overpurchasing: license requirements are predefined, not based 
on trends. 
Frees IT staff for more strategic initiatives: licenses travel with 
people; no more wiping machines when employees change jobs or 
machines. Tighter control also eliminates unauthorized 
installations and the associated problems. For self-audits, simply 
compare inventory data with licenses in the central repository. 
Decreases the risk of noncompliance fines: you keep machines 
under tight control, reducing the likelihood of illegal software 
installations. 

* Centralized control and tracking prevents unauthorized access 
and self provisioning. 
Entitlements follow people so additional license requests are 
limited to new hires or role changes. 


Conclusion 

Gartner forecasts, by 2008, 30 percent of large organizations will 
experience at least one onsite software audit per year With such a 
threat, IT and executive staff alike seek a bulletproof means of ensur- 
ing license compliance. Legacy approaches to software asset 
management have thus far prevented organizations from achieving 
this goal; unless asset management vendors and practitioners alike can 
make a paradigm shift, license compliance will remain a thorn in 
organizations’ sides. 

Because of its ability to tie roles to entitlements, track those asso- 
ciations and prevent unauthorized provisioning, an identity-based 
asset management process is far superior to existing license compli- 
ance initiatives. As interest in this concept grows, look to Novell— a 
leader in enterprise-wide resource and identity management—to 
champion and develop the innovations to support it. N 


[1] Source; Forrester Research Note: "IT Asset Management, Q3 2006," Peter 
O'Neill, 4 August 2006. 

[2] Source: Gartner Research Note: “Prepare for Continued Software Audits in the 
Short Term,” J. Disbrow and A, Bona, 11 January 2006. 
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Getting the Full Impact from the Four Ds of Designer: 
Design, Develop, Document and Deploy 


58 THIRD QUARTER/2Z006 


hey say a picture is worth a thousand words, and in the 
complex world of Identity Management this maxim has never been 
more true. Novell Designer for Identity Manager (or just, Designer) 
is a powerful graphical environment that helps you visualize, archi- 
tect, design and implement identity solutions based on Novell 
Identity Manager. 

Implementing and managing an enterprise identity management 
infrastructure has never been a simple fix. After all, we're talking 
about facilitating secure and reliable communications between a myr- 
iad of participating systems, from data vaults, to back office databases, 
to applications, to end users. In fact, the complexity of the solution 
has prevented some from implementing the complete identity solu- 
tion they need. And in today’s information-driven world, that’s a 
dangerous place to be. 


Identity Management? 

Identity is a critical component of most any online activity. Identity 
determines entry, access and content in almost all online transactions, 
whether inside or outside of an organization’s firewall. Without con- 
fidence in your ability to properly identify a user, the whole concept 
of online security breaks down. And yet, today’s complex computing 
environments involve sometimes hundreds of different touch points 
that require identity to properly manage access. Manually managing 
an identity environment such as this, while still providing a reasonable 
level of confidence, is simply impossible. 

Novell Identity Manager (xovell com/products/identitymanager) sim 
plifies the process of identity management. It provides automated 
user provisioning and password management; delivering first-day 
access to new users, modifying or rescinding access as necessary across 
all systems, and synchronizing multiple system passwords into a single 
strong password. Identity Manager controls user administration 
costs, eliminates complex manual processes, and enforces consistent 
security enterprise-wide —all while providing users access to the right 
resources to do their jobs. 

Identity Manager abstracts a user’s identity complexity away from 
the user and the help desk. This is of tremendous benefit since it 
improves security, increases productivity and reduces costs. 
Unfortunately, the underlying problem of complexity remains. 
Behind the scenes, System Administrators, IT architects and ClOs 
are still saddled with the increasingly difficult task of managing all 
these identity relationships. Designer is the next step in simplifying 
enterprise identity management. 

Novell recently released Designer 1.2 as part of Identity Manager 
3.0.1. It provides new and enhanced features, and delivers an even 
more robust development environment for your identity solutions. 
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So What is Designer? 

Designer is a graphical design, implementation and documentation envi- 
ronment for Novell Identity Manager. It specifically addresses the needs 
of identity architects and consultants that are brought in to design and 
implement an organization’s identity solution. It provides very granular 
control over an identity project, and delivers simplified tools that more 
efficiently move the project from inception, through design and imple- 
mentation, to hand-off. This reduces time and costs associated with the 
project and provides a quicker return on investment. 

Identity Management is a complex problem, and identity solutions 
that leverage Novell Identity Manager make heavy use of XML and 
data transformation languages. By abstracting this complexity away 
from the designer and implementer, Designer lets them focus on cre- 
ating the very best identity solution rather than struggling with the 
details of the implementation. 

“Designer is all about the four Ds: Design, Develop, Document, 
and Deploy”, says Volker Scheuber of the Designer engineering team. 
Design: Designer is a one-stop design shop for Identity Manager 
solutions. It provides a variety of views for architects and designer's 


Digging into Development 


Designer represents a new type of development process at Novell. 
Known as Iterative Development, this process relies on fairly short (6-8 
week) iterations during which new features are added, debugged and 
tested all at once. At the end of each iteration, the tearn produces a 
Milestone build of the product that incorporates all the additions of that 
iteration. The iteration schedule is an ongoing cycle, but every so often, 
as dictated by release schedules and other external events, a series of 
Milestone builds is rolled together to produce a version of the product 
that is ready to be shipped. 


“This development process permits an unprecedented degree of cus- 
tomer involvement”, said Bill Street, Engineering Manager for Novell's 
Designer team. “I really think this is the ideal way to do software devel- 
opment. It makes us validate early, and often, with our customers, and 
really helps us get it right.” In fact, the Designer team provides customer 
access to its daily engineering builds 
(novell.com/coolsolutions/dirxml/designer) so they can participate in the 
development process, make comments and suggestions via the Novell 
bug tracking system, and even vote on feature importance to help the 
engineering team properly allocate its resources. 


TREND- 
TALK 


Novell Open Audio 
Podcasting to the People 


By Nathan Conger 


pen standards lower the barriers to innovation. This 
principle continues to prove itself in the real world. 
With the open standardization of the PC in the early 
eighties, many new concepts, technologies and ways of communicat 
ing sprung up and flourished. Open standards and open source have 
done the same thing for the Linux operating system, allowing many 
new players to contribute and innovate in a way that was previously 
not possible. Leveraging the open standards of TCP/IP and UDP. the 
Internet itself has given life to a host of new technologies and para- 
digms for collaborating and communicating. 

Out of this primordial, open-standards soup, a number of new 
technologies have emerged. Among them are Voice over IP, real-time 
chat, blogs and podcasting. Building on RSS, BitTorrent and other 
open standards, podcasting delivers true time-shifted, channel-based 
content to users. Podcasting has effectively lowered the barriers of 
both who can produce and consume audio, video and other content. 

First appearing in 2003, the growth of podcasting is unprecedent 
ed. Today, iTunes lists more than 38,000 podcasts in a varicty of 
categories, while the estimate for terrestrial radio stations is about 
36,000 worldwide. The number of new podcasts is growing at the rate 
of 800 per week (siliconrepublic.com/news/news.nvéstoryid-single6194). 
For more information, see the following four sites: 

: dopplerradio.net/2005/04/17/podcast-numbers 
:_forrester.com/ER/Press/Release/o,1769,996,00.html 
nevon.net/nevon/2005/02/business_podcas.html 
nevon.net/nevon/2005/02/yet_more_signs—.html 


Novell Open Audio is a podcast that started in early 2006 under the direc- 
tion of longtime Novell technology enthusiast Ted Haeger. Novell 
Connection magazine interviewed Ted Haeger about Novell Open Audio 
and what other projects he is currently working on. 


Ted, let’s start by having you tell us what Novell Open Audio is. 
Novell Open Audio is essentially an audio program about Novell 
and SUSE Linux technology. We produce the program for people 
who want to get past the press releases and product announce 


How can | ask questions or give 
feedback to Novell Open Audio? 


Toll Free Number: 800-218-1400 
International: +1 801-861-1313 
e-mail: openaudio@novell.com 
SkypelD: novellopenaudio 
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Novell Open Audio 


ments and find out more about what Novell is doing from the people 
who actually set the direction for and create Novell software. We 
offer it through the Novell Web site (novell com/openaudio), but also 
as a subscribable podcast through the iTunes Podcasts directory or 
other podcast subscription portal. So people who want to take the 
program on the road with them, like on their commute or to the 
gym, they can easily have the show delivered to whatever portable 
audio player they use. 

We also post upcoming interview topics, dates and people on the 
site. That way, ifsomeone has a burning question they want to ask one 
of our guests, they can send us the question. We send out a Novell 
Open Audio t-shirt to people who give us questions. It’s kind of a cool 
shirt. On the front it says “I ask tough questions.” It’s a great one to 
wear at BrainShare’s “Mect the Experts” night. 


What topics do you cover on the show? 

A lot of the show’s content focuses on Linux. That’s partly because of 
Novell's strategic direction, but also because Linux is my current 
technology fascination. Linux is peculiar because it’s technology that 
is heavily intertwined with a really strong culture. | think the culture 
is contagious. Somehow I’ve become one of the people who really 
believes that open source, centered around Linux, is fundamentally 
changing the whole I'T industry. 

For me, desktop Linux is where the rubber meets the road. [ use 
Linux as my primary operating platform, and I’m amazed by the speed 
at which desktop Linux is technically advancing, That’s why probably 
a third or more of the show’s content covers stuff happening with the 
Linux desktop. It’s my personal interest creeping in and influencing 
the show. 

But Novell still has a huge portfolio of technology, and our listen- 
ers request topics from across the board. They keep me on track by 
constantly reminding me of what they want to hear. 


How did the idea for Novell Open Audio come about? 

The idea wasn’t originally mine, | just inherited it. (That’s how I get 
most of my good ideas.) A sharp guy whom | worked with when | was 
on the Novell Linux Desktop team told me, “We have to launch a pod 
cast show, and you're going to host it.” When he went off to another 
role, | inherited the project. So I get undue credit for the idea. 


What background do you bring to the show? 

I've always been a techie. Before working at Novell—was it really 
nine years ago? —I was a Certified Novell Instructor and Microsoft 
Certified Trainer. | pretty much was a geek who was lucky enough to 
find a job that allowed me to become an expert in some cool technol 

ogy. In 1997, | joined Novell as a technical sales guy in the San 
Francisco Bay Area, and eventually moved into the Novell 
ZENworks product line, and later on to Novell eDirectory. Then 


For more information or to have a Novell Representative contact you, please visit novell.com/ncmconnect. 


define how to apply individual policies as 
data is synchronized between 
participating systems. (SEE FIGURE 2.) 


Policies customize the flow of 
information into and out of Novell 
eDirectory for a particular environment. 
For example, one system’s main user class 
might be User, while another's is 
OrgPerson. Policies let you identify this 
difference to make sure that user-related 
data is properly applied during data 
synchronization. Policies can also create 
new objects, update attribute values, 
make schema transformations, define 
matching criteria and maintain Novell 
Identity Manager associations, among 
many other things. 


Workflow Designer: Workflow 
Designer is an add-on plug-in for 
Designer that supports Identity 
Manager-based User Applications 
(White pages, Org charts, User search, 
etc.) and the Provisioning Module for 
Identity Manager, which offers initiation 
and monitoring of business-level 
workflows (cell phone request, expense 
reports, facilities request, etc.) 


Directory Abstraction Layer Editor 


(DALE): Related to the Workflow 
Designer, DALE lets you define directory 


The Bull’s Eye 


abstraction layers used to create 
composite data objects that support the 
desired user application or provisioning 
task. Directory abstraction layers are a set 
of data definitions that provide a logical 
view of one or more Identity Vaults. 
DALE lets you change the abstraction 
layer’s data definitions as needed to 
support the desired user application or 
provisioning workflow. 


The descriptions above just scratch the sur- 
face of Designer’s capabilities. To get the 
complete picture of Designer's capabilities, 
check out the Designer for Identity Manager 


documentation at novell. com/documentation/ 


designer 12. 


Conclusion 
Designer proves the old adage...a picture 
really is worth a thousand words...particular 
ly when that picture gives you a clear idea of 
your identity solution. Designer clears away 
the clutter and complexity so you can focus 
on designing and implementing the solution, 
and not get caught up in the minutiae of the 
underlying protocols and technologies. 
Novell Identity Manager is already the 
leading identity solution in the market, now 
Designer lets you leverage Identity Manager 
to create identity solutions more easily than 
ever before. And that’s a picture you can 
spend some time admiring, 


| “Designer has really pushed our IDM practice further. Our discovery and design time has been 


“Using Designer for Identity Manager has cut our development time for an Identity Management 
project almost in half. Drag and drop, wizards and features like document generation increased 
our “get-the-job-done” efficiency whereas features such as Simulation and Workflow Editor enable 
us to do things we could not do in the past. A customer was stunned when we showed them how 
easy it is to build customized workflows in Designer for Identity Manager. As a matter of fact, this 
customer, without any IT knowledge, is now building their own workflows.” (July 7, 2006) 


shortened, we can develop more effectively with portable code wherever we need to be, our docu- 
mentation is produced more completely, consistently, and in half the time, and we can provide | 
post deployment support in almost real time from anywhere with only e-mail access. Designer has 
improved every phase of our IDM projects.” (March 24, 2006) 


Want To Try It Out? 


Free Download 


www.grouplink.net/hdec 
801.298.9888 
info@grouplink.net 


For Novell OES, eDirectory, messaging, ZENworks, 
Linux. Web-server based, PDA enabled. 


Novell Designer clears away the clutter and complexity so you can focus 
on designing and implementing the solution, and not get caught up in the 
minutiae of the underlying protocols and technologies. 


including Identity Vaults, database servers, application servers and 
infrastructure servers. 


Prior to Designer, Identity Manager relied solely on iManager 
plug-ins to provide the identity management interface. While 
iManager provides a Web-based, manage-from-anywhere, interface 
suitable for day-to-day administrative functions, it was not optimal 
for the design and modeling activities that are so crucial to a success- 
ful Identity Manager implementation. Designer complements 
Identity Manager's current iManager-based administrative options 
with a robust Integrated Design Environment (IDE) that you can 
carry with you for disconnected design, testing and documentation 
that is difficult or impossible with iManager. 


How Does it All Work? 

Designer is implemented as a series of plug-ins (roughly 50) to the 
Eclipse framework (eclipse.org) Eclipse is an open source project that 
provides an extensible development platform and application frame- 
work for building software tools. By using Eclipse, Novell is able to 
exploit existing platform support and integration technology, liberat 


ing itself to concentrate on Designer's core value rather than first 

reinventing the wheel. The Eclipse Platform is written in Java and 

comes with extensive plug-in construction toolkits and examples. 

Designer leverages the Eclipse SWT Toolkit to provide native look 

and feel, and performance across both Linux and Windows platforms. 
Designer's user interface is familiar and easy to navigate, and the 

Eclipse plug-ins provide a broad range of tools for interacting with 

the Identity Manager environment. (Sih PiGURE 1.) Among these 

are the following: 

* Modeler: The modeler is Designer's primary work space. It isa 
visual editor from which you can design projects. It is your primary 
means of interacting with Designer. All other editors, views and dialog 
boxes support and provide functionality to the Modeler. To create a 
project, simply drag objects from the Palette into the Modeler. Then 
arrange and configure the project components as needed. Sounds 
easy, doesn’t it. But we all know the devil is in the details. 


* Policy Builder: The Policy Builder view lets you drill down on 
specific data flows in your identity solution. It provides a Policy 
Flow diagram from which you can display current data flows, and 


Figure 1 The Designer workspace gives you quick access to all the 
identity management design you need. 
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Figure 2 Policy Builder lets you define data flow policies and visua 
how they are applied. 
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Novell Designer is a powerful graphical 
environment that helps you visualize, architect, 
design and implement identity solutions 
based on Novell Identity Manager. 


that let them model and review every 
aspect of the solution. In fact, Designer 
provides robust Project Management 
capabilities, including simultaneous project 
development, packaging projects into zip 
files, e-mailing project files, incorporating 
project docs, such as spreadsheets, and 
importing/ exporting projects or project 
components. 


* Develop: Designer provides tools for 
building the identity solution once it is 
designed. Configure drivers, filters and 
rules that implement the identity-related 
system communications you need. One of 
Designer's critical development features is 
its simulation and debugging tools, which 
let you put all, or any part of, an identity 
solution through its paces to make sure you 


are getting the desired results. All of this 
without connecting to a live environment. 


* Document: Once an identity solution is 


ready for deployment, one of the most 
difficult tasks is to go back and 
document the solution configuration. 
Designer eliminates the effort by 
automating the solution’s document 
creation. With the push of a button, you 
can create the documentation necessary 
to hand off the solution to those who 
will manage it on a day-to-day basis. It 
is also an invaluable training resource. 


* Deploy: Designer is not just a modeling 


environment, but when connected to 
your production environment, it can push 
the solution out to involved systems, 


Designers by the Dozen 


One interesting aspect of Designer for Identity Manager is how easy it is to apply this type of man- 
agement solution to address other problems. Its very likely that Designer for Identity Manager will 
continue to sprout new functionality through the addition of new Eclipse plug-ins. In fact, work is 
already underway on a product that adds data validation and cleansing capabilities to Designer 
for Identity Manager. 


And Designer may be destined for more than just Identity Manager. Because Designer is built on 
the Eclipse framework, there is no reason that additional “Designers” can't be built for other com- 
plex configuration and deployment scenarios. 


Consider Novell ZENworks Suite, which provides robust management of network infrastructure. A 
ZENworks Designer could let you model and deploy resource management solutions using a simi- 
lar methodology to that used by Identity Manager. Or how about an eDirectory Designer that lets 
you model and design a Novell eDirectory implementation, including replica design and place- 
ment, before installing a single server. 


Although Novell hasn't committed to anything yet, its safe to say that Eclipse-based Designers 
may become more prevalent as a way to simplify the design, deployment and management of 
today’s complex IT infrastructures. 


WAS D> 


THE AUTHENTICATION COMPANY 


Do You Know Who is 
Accessing Your 
Corporate Network? 


Secure two-factor aut 
lovell applicati 


Native integration int 


your eDirectory Serv 


managing an additional 
authentication server 


www.vasco.com/novell 


If you don’t have a portable audio player and don’t want to shell out a 
couple hundred bucks to get one, don’t worry. You’re not left out in the cold. 
Just listen to any podcast on your computer. 


some Novell executive thought I would make a good marketing 
guy — which I didn’t—and put me on the Novell Linux Desktop mar- 
keting team. Eventually, one of our current executives realized the 
mistake and moved me into a role as “Director of User 
Communities,” which allows me to spearhead cool programs like 
Novell Open Audio, and get back to my geek roots. So, really this is 
my dream job: I get to talk to all the cool people who are driving 
Novell forward, and try to be something of a “technology ambassa- 
dor” for the Novell User Community. 


Are there any challenges in running a corporate podcast? 
Do you want the whole list or just the top ten? Seriously, I find it’s like 
walking a tightrope. To be credible in the medium, you have to keep 
the program real and fresh. Podcast listeners don’t want to hear pre- 
planned talking points and scripted dialogs. Novell has been really 
good at allowing me a huge amount of freedom in producing the show. 
| get to choose which topics to cover and how to cover them. 

Balancing professionalism with keeping the show informal is a con- 
stant bugaboo for me. That and keeping the right level of technical 
content to satisfy listeners. 


) Ted Haeger inte 


uring a live se 


Figure 1 
Novel fL K 
Linux World Expo ir 


Also, a corporate podcast has certain constraints on being critical; 
that puts us in a weird position of sometimes sounding too much 
like we're doing rote marketing. Which is surprising, because of the 
heavy emphasis we put on talking to the people who make the soft- 
ware, not market it. (You can’t do much “how-to” instruction in an 
audio program.) 


How has the show been received? 

It’s the most gratifying thing I have ever done at Novell. The listen 

er feedback has been very positive —it’s what keeps me going on the 
project. That's not to say that it’s all positive, though. You have to 
have a pretty thick skin to weather some comments. Sometimes we 
release what we think is a really solid technical show, and someone 
will drop us a comment that they thought the show was just market- 
ing fluff, Unfortunately, not enough of those comments include 
advice on “Here’s what | wanted to hear about and what you can do 
to make it better next time.” But overall, the show has gotten acco 

lades from all over the world. A few listeners have even become 
unofficial coproducers—they send me news articles as fun items for 
us to cover on the show. 


Podcast Directories 


It’s great that all this content is out there, but how do | 
find what I’m looking for? 

You can use a number of available podcast directories to subscribe. 
One of the easier methods is using the iTunes music player, which main- 
tains a very extensive podcast directory. Other players maintain 
directories as well, including, WinAmp and MusicMatch. Some Web 
sites also list the top 10 podcasts and maintain their own directories, for 
example, podcastalley.com. Special interest sites also exist. 
[TConversations.com hosts a number podcasts on different IT topics 
including security and open source. 
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We want Novell Open Audio listeners and enthusiasts to get involved. 


We’re eager to 


lay some listener voice mails on the air. 


Leaving a voice mail is the easiest way to get a Novell Open Audio t-shirt right now. 


Are you actually able to incorporate input like that? How 
much control over the show’s content do you actually have? 
That’s one of the coolest things for me. I’ve been given pretty much 
complete editorial control over what goes in and what stays out, what 
topics we cover, and who we interview. That means however good or 
bad the show is, it’s my fault. 

Of course, | don’t do it all by myself. Some Novell people have 
stepped up to act as correspondents for a lot of our interviews. Lee 
Howarth, Caitlin Jans and Erin Quill have been essential in giving 
life to the show. In fact, | bounce most of my ideas for the show off 
Erin, He’s been instrumental in setting some of the direction of 
Novell Open Audio. Mike Pearson, our audio technician, also plays 
a big role. When something we do crosses the “way too dorky” line, 
Mike lets us know. 


What do you mean? 

Well, Mike will stop an interview and make us start again if the dialog 
sounds too stiff. Also, I tend to goof around a lot. Mike is a good judge 
of what’s going to be funny and what’s going to sound forced. He also 
tells us when we lose him on a topic—like, if it sounds boring and 
needs to be pared down to keep it “listenable.” Mike also clips out a lot 
of the dead air, ums and uhs—that kind of stuff—to keep the dialog 


crisp and keep the pace engaging. He helps us keep the technology 
talk interesting. 


What’s next for Novell Open Audio? 

We're looking into launching a “Novell Open Video” site. I’ve been 
talking with Russ Dastrup, who makes the videos for Novell events 
like BrainShare, about vodeasting (video podcasting) various technol- 
ogy topics so we can actually show some of Novell’s cool wares. [ hope 
to have some of that online this Fall. 


What would you say to current and potential Novell Open 
Audio listeners? 
The biggest thing we want for Novell Open Audio is for it to be a pro- 
gram in which our listeners and enthusiasts can get involved. The one 
thing I have not gotten much of and that I really would really like to have 
is voice mails. We're eager to play some listener voice mails on the air, but 
so far everyone seems to want to keep it at the e-mail level. Maybe it’s the 
threat of airplay that scares people away. But leaving a voice mail is the 
easiest way to get a Novell Open Audio t-shirt from us right now. 

Voice mail or not, we're reading every comment and every e-mail 
we get from our listeners. Send more, and tell us what you want to 
hear about. N 


Podcatchers: Podcast Clients 


How do | subscribe to a podcast? How do | actually get the content? 
Many existing music players include podcast clients that allow you to 
subscribe to podcasts and automatically download content. On 
Windows, iTunes and WinAmp stand out. On Linux, Amarok has full 
support for podcasts with support coming soon in Banshee. Of 
course, iTunes is the client of choice on Macs as well. Subscribing to 
a podcast using, for example, iTunes, will automatically update the 
podcast content on your computer or portable music player each 
time you launch iTunes. 


There are also a variety of stand alone podcast clients (or aggrega- 
tors) available. Among.the.most-popular are iPodder, PodNova.and 


Juice. Lesser known clients such as monopod work very well on the 
Linux Gnome Desktop. 


So, to subscribe to Novell Open Audio using iTunes, for example, 
simply launch iTunes, click on Podcasts in the left nav menu. Then 
click Podcast Directory at the bottom and search for Novell Open 
Audio. Then click the Novell Open Audio podcast listing and click the 
Subscribe button. It’s really that easy. 


Regardless, if you don’t have a portable audio player and don’t want 
to shell out a couple hundred bucks to get one, don’t worry. You're 
not left out in the cold. Just listen to the podcasts on your computer. 
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Don’t hit a dead end 
in your migration by 

choosing the wrong data 
management technology. 


_INt un Cit [ ] NI ry! Get our free “Data Protection and DR Considera- 
When you migrate, you may find yourself at a dead end if you’re not using the right data man- tions If You Are Migrating to Linux-OES” checklist to 


agement technology. Make it to your destination and make sure your migration path is further help guide you safely down the rocky migra- 
smooth and secure with Syncsort Backup Express. tion trail, and/or view our on-demand joint 
You need to be assured that you can live up to your service level agreements (SLAs) both Novell/Syncsort Webinar: “Increasing Your Service 
during and after the migration. You need to be especially certain that your disaster Levels and DR Opportunities with Linux” at 
recovery/business continuity plan is not a roadblock. Syncsort Backup Express has top sup- www.syncsort.com/nv96dab 
port for both NetWare and Linux Open Enterprise Server environments. a, 
N —> 

Backup Express: : 

e Uniquely supports NetWare, Open Enterprise Server, Linux, and mixed YES 

clustered environments ee 
Will restore NSS volumes to any OES platform — no need to keep legacy boxes! Novell. 


¢ Supports GroupWise on Open Enterprise Server for NetWare and Linux 


FINE- 
PRINT 


How’s Your Memory? 
The Don’t-Call Defrag 


By Kathryn Jenkins 


f you're steeped in the world of technology, memory has specific 

meaning for you: it’s your system’s ability to store the data you 

give it. We're all over that kind of memory, and in this issue we 

give you tips on how to avoid memory fragmentation—a nasty 
situation that occurs when your server has plenty of memory space, 
but can’t process your requests. 

Now think back to the days before you were steeped in technology — 
memory referred to your ability to remember important information 
(okay, maybe not-so-important information!). This month we give you 
some important stuff to commit to memory about how to manage those 
servers. We also have some great tips and tricks to help you resolve issues 
with GroupWise without resorting to technical support. 


> Memory Fragmentation: Are You At Risk? 

As a 32-bit operating system, NetWare can handle as much as 64 GB 
of physical RAM. Sounds great, right? But just because NetWare can 
handle that much memory doesn’t mean your system will have that 
much memory to work with. Here's why: 

Intel’s 32-bit architecture limits any operating system to a 4-GB area 
in which logical memory can be mapped. Any memory that exceeds 4 
GB must be accessed by mapping pages in and out of the 4 GB space. 

Logical memory fragmentation occurs when the server has plenty of 
available logical mapping space for memory, but not in large enough 
chunks to grant a memory request. In other words, there could be 500 
MB available, but if an NLM requested an allocation of 2 MB and the 
largest available size was 150 KB, the request would fail. The result? 
The server’s memory is fragmented and the NLM would not run cor- 
rectly. 

Here’s what that means to you: since most applications run in the 
“kernel space” or “ring 0” in NetWare —as opposed to “user space” or 
“ring 3” in other operating systems —all NLMs running in the kernel 
have a finite amount of RAM to work with. As a result, you might 
have to adjust the settings on your servers to reduce the number and 
frequency of memory problems, depending on the applications and 
NLMs you have running on the server. 

There is an option: NetWare 6.5 Support Pack 5 with the added 
update NW6s5OS5A.EXE contains the latest fixes and updates you'll 
need to address memory fragmentation. 


> Identifying Memory Fragmentation on a NetWare Server 
Novell makes it easy for you to identify logical memory fragmenta- 
tion on your NetWare server—simply use the statistics available 
through the Novell Remote Manager (NRM). Here's how: 


| Open your browser and go to the server's IP address: 8008. 

2 You will be asked for a username and password; log in as Admin. 
3 Click View Memory Config. 

4 Scroll down to the Logical Address Space section. 

5 Note the value for “Fragmented Kernel Space.” 
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You can also look at the red block on the graph, which shows the per- 
centage of fragmentation. If the value (or block on the graph) remains 
steady over a period of several hours or several days— even if the per- 
centage is as high as 50 percent—you don’t need to tune your server. 
Steady numbers mean your server isn’t compromised by fragmenta- 
tion of logical memory. 

If the value increases over time, or the red block on the graph 
steadily grows bigger, you should tune your server. I’ll show you how. 


> A Quick Aside: Diagnosing Memory Problems 

Before you learn how to tune your server, you should be aware that 
fragmentation isn’t the only memory problem you can have on a serv- 
er. For example, any NLM on the server could “leak” memory—a 
problem generally caused by a module that allocates memory but then 
never returns it to the system. In other words, allocated memory is 
never freed up again once it should be available. As another example, 
a module might allocate an unnecessarily large amount of memory 
either by design or because of miscalculation. 

Both of these situations will result in a dramatic decrease in the 
amount of memory available on your NetWare server. Both will also 
result in a steady decrease in the number of cache buffers reported in 
a Monitor.nlm. And both are clearly a problem, though neither is due 
to memory fragmentation. 

The NRM utility is the best way to diagnose a memory problem. 
Under the Manage Applications heading, click List Modules. A list of 
all the NLMs running on the server will display, along with the 
amount of memory each NLM is using, broken down into different 
categories and sorted by how much memory each is using. If you see a 
module steadily climbing the list, suspect a memory leak. 

If you think your server is leaking memory, make sure you have the 
latest version of the NLM. If that doesn’t resolve the issue, contact 
Novell Technical Support for more help. 


> Tuning Your Server to Prevent Memory Fragmentation 

In just five simple steps, you can tune your server to address issues 
around memory fragmentation. These five steps address every possi- 
ble factor that can contribute to or aggravate memory 
fragmentation—and you might not have to use all five. Try each one, 
in the order listed. 


| Update Your Server 
To begin, install the latest NetWare Support Pack on your server; 
the support pack includes all the fixes and updates for memory 
fragmentation issues. If you are running NetWare 6.5 Support 
Pack s, install the NW6s5OS5A.EXE update. Once you've 
installed the support pack and the update, you should not have 
any additional problems with memory fragmentation. Depending 
on the amount of memory on your server, you may need to adjust 
settings as described in the next three steps. 


2 Reload the TSAFS Modules 
There can be limits to the amount of cache the TSAFS module 
requests. To resolve any issues, unload the TSAFS.NLM module, 
then reload it with the following command-line switch: 


load tsafs/cachememorythreshold=1 


The command-line switch specifies the percentage of the server's 
free memory that will be used by the TSAFS at run time. For 
example, if your server has 4 GB of RAM installed, the 1 in the 
command-line switch means the TSAFS call will allocate and use 


I percent, or as much as 40 MB of RAM. 


3 Set a Hard Limit on How Much RAM DS.NLM Uses 
If the DS.NLM consumes a large percentage of the RAM on your 
server, or if it uses more than 500 MB of RAM, you'll need to 
restrict how much memory eDirectory can use. To do this, install 
eDirectory 8.7.3.3 or later; earlier versions might not retain the 
hard limit settings. 


Basically, you can turn off the dynamic caching ability of DS.NLM, 
then hard set the DS RAM to start at two times the database size. 
Especially do this if your database size is less than 500 MB. 

The following technical information documents, or TIDs, 
describe how to hard set the amount of RAM eDirectory can use: 
+ http;//support.novell. com/cgi-bin/search/searchtid.cgi?/10096642.htm 
* bttp;//support.novell. com/cgi-bin/search/searchtid.cgi?/10060669.htm 
* bttp;//support.novell. com/cgi-bin/search/searchtid.cgi?/10094467.htm 
+ bttp;//support.novell. com/cgi-bin/search/searchtid.cgi/10097143.htm 


4 Set the File Cache Maximum Size Parameter 
The hidden set parameter that determines the file cache maxi- 
mum allows you to adjust the size of the logical memory spaces. 
With NetWare 6.5 Support Pack 5, use the following setting: 


SET file cache maximum size=2147483648 


Count carefully and make sure you've entered a total of 10 dig- 
its—just 1 extra or missing digit will make a huge difference. 
Note: If your server has less than 1 GB of RAM, you don’t 
need to set this parameter. 


Reboot Your Server 

At this point, reboot your server and let it run for a few days or 
weeks; if possible, let it run through a cycle or two of peak user 
activity and a couple of automatic backup jobs. In most cases, frag- 
mentation of logical memory will be resolved with the four steps 
described above. If you're still having problems, use the two parts 
of the next step, one at a time, to make the final adjustments. 


5 Adjust the Size of the User Address Space 
If you are still experiencing memory fragmentation problems, alter 
the default size used for the User Address Space. 
Note: This step should be taken ONLY while the server is hav- 
ing problems, not when it is running smoothly or has been 
recently rebooted. 


To alter the default, use a server startup command-line switch issued 
from the DOS prompt or added to the Autoexec.bat line that loads 
the server. Use “server -u<number of bytes for User Address Space 
size>” to give the memory configuration just what the server needs 
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for the User Address Space —and no more. Be extremely careful with 
this setting Count the digits in the number you provide the switch, 
and then double check the number. If you slip up and designate a 
number that is too low, CPU utilization will be high, and programs 
either won't load or won't run correctly in protected memory. 


To access the feature, take the following steps: 

| Open NRM and log in as Admin. 

2 Click View Memory Config in the left pane of the main 
window. 

3 Click Tune Logical Access Space. 

4 A screen will open and display configuration recommendations 
provided by the Novell kernel developers specific to your 
server's running condition. 

5 Make the recommended change, with the —u setting for 
server.exe (server-u<number>). 

If your server has less than 3 GB of RAM, do not use this setting. 


> Still Having Problems? 

The five steps outlined above will take care of the most common factors 
that cause or aggravate memory fragmentation. If you're one of the rare 
exceptions, you might notice that the memory on your server steadily 
declines over the next month and that you have to keep rebooting your 
server, even though you followed these steps. If that’s the case, your 
memory fragmentation problems have not been resolved. 

What now? 

Closely inspect your server to find out how much memory your 
NLMsare using. You might find that the NLMs are using more mem- 
ory than the logical mapping size, and as a result, the NLM Address 
Space will borrow memory from the File System Address Space, caus- 
ing a slow but steady decline in memory. 

In virtually all cases, you'll fix the problem if you control the mem- 
ory NLMs can use in the cache pool. Steps 2 and 3 above show two 
effective ways to control the memory used by specific NLMs. You 
might have to scrutinize other modules that are loaded on your 
NetWare server—either from Novell or from third parties—and 
adjust how much memory they are consuming on the server. To adjust 
and monitor memory consumption over time on a per-module basis, 
use the Novell Remote Manager (Module Listing) or other tools. 

If you're still having problems or need additional answers, please 
contact Novell Technical Support. 


> Maybe It’s Your Application... 

If you’ve applied the latest code and followed these steps, your mem- 
ory issues might have nothing to do with your operating system—and 
everything to do with the applications that are running on your 
NetWare server. 

To determine whether that might be your problem, check out the 
following documents (in TID format), which outline some of the 
most commonly reported issues: 

+ Attp://support.novell.com/cgi-bin/search/searchtid.cgi?/10058100.htm 
+ ttp,//support.novell.com/cgi-bin/search/searchtid cgi?/10090829.htm 
+ Attp://support.novell. com/cgi-bin/search/searchtid.cgi?/10100212.htm 


Remember: your memory problems might be due to backup vendors, 
content vendors and other NLMs running on your server. It’s critical 
that you identify the NLM where the memory problem exists and 
then contact the vendor that owns the module for a fix. To repeat: 
install the latest support pack and the updated patch from Novell. 
And, rest assured, Novell is continuing to make additional improve- 
ments in NetWare’s memory management system to better 


For more information or to have a Novell Representative contact you, please visit novell.com/ncmconnect. 


accommodate the newest hardware configurations and the various 
combinations of modules you might be running on your server! 


> GroupWise? Help Without the Support Call 

You've come to appreciate Group Wise 7.0 as one of the premiere col- 
laborative tools on the market. And if you've used Novell Technical 
Support engineers to resolve any GroupWise issues, you know how 
good they are, too. 

From a support engineer’s point of view, there’s much to be said 
about the efficacy of a collaborative support tool, especially one that 
is easily leveraged by small businesses and enterprise concerns alike. 
Group Wise 7.0 is such a tool. Because they work with all types of con- 
figurations, support engineers wear plenty of hats, and they do it very 
successfully —even though one may have top-notch technical skills 
while another is more customer-savvy. They strive to resolve the cus- 
tomer, then the issue, and while the two mesh perfectly most of the 
time, occasionally they have to reconcile the needs of the software 
with the needs of the customer, which gives them a unique perspec- 
tive on the product and the issues that cause support calls. 

That said, they have some ideas on how you can troubleshoot many 
of your own issues without having to make a call. How would you like 
to save time and money by being able to check out some engineer-rec- 
ommended documents, then do the troubleshooting on your own? 

Then read on! The GroupWise support team has come up with a 
set of suggestions that will help you bypass the possible “gotchas” and 
points of failure that, despite every effort, appear in a small percent 
age of installations, upgrades and migrations. (Before you read this, 
they'd like to point out that they are acutely aware and respect the 
fact that some of you are far more skilled than some of them!) 
Ready? Here’s what you can do before picking up the phone: 

MAPI—Document Integration and Management 

Group Wise 7.0 has moved away from the old Windows Messaging 

System. If you have Microsoft Outlook 2003, GroupWise 7.0 can 

use that MAPI. Check out the following TIDs: 

+ 10100406 ~ Getting Your MAPI Application to Work After 

Upgrading to the Group Wise 7 Client 
* 10100675 — MAPI Services Dialogue Error 


Many proprietary applications currently use MAPI to send informa- 
tion to the GroupWise client; an internal list of these applications is 
being modified as MAPI incompatibilities are addressed. As of the 
release of SP1, all (or nearly all) known MAPI complications have 
been addressed. | know I said you wouldn't have to call—but make 
sure you report any new issues to Novell Technical Support. 


> Linux—Open Enterprise Server and SUSE Linux 
Enterprise Server 
As Novell increases its presence in the open source community, many 
of its solutions are finding a place in the Linux world—including 
GroupWise, which currently runs well on Linux. The migration is 
becoming steadily more robust, and initial quirks have almost all been 
remedied. At BrainShare, Novell announced the GroupWise 
Migration Utility, which makes it much easier to migrate from 
NetWare or Windows to Linux. Until that product is available in mid 
October, check out the following TIDs: 
* 10099946 — Moving a Post Office to Linux 
* 10099947 — Moving a Domain to Linux 
* ro101095 — Documents Inaccessible After Move from NetWare to 
Linux 
10100048 — POA, MTA and GWIA Becomes Unresponsive 
After SUSE Linux Enterprise Server SP3 Update 


Note: GroupWise 7.0.1 has alleviated most of this, 
but the backrev may be a necessary step in certain 
types of troubleshooting. 


> Clustering 
The robustness of GroupWise 7.0 in a shared resource environment 
has greatly improved. In both Linux and NetWare, GroupWise is 
basically an application residing and performing its actions in a mem- 
ory space making the main issue the ability of the resource to failover 
from one node to another while maintaining memory space. While 
that ability is fairly stable, there are some considerations around 
GroupWise clustering in native Linux file systems. For help, check 
out the documentation at novell. com/documentation/gw7/index.html. 
Note: Native Linux file systems house GroupWise well in a 
cluster, but some stability issues exist in some scenarios. 
Novell is investigating these scenarios. 


> GroupWise WebAccess 

GroupWise WebAccess 7.0, which has a slightly different interface and 
home page, uses Tomeat 4 in NetWare and Tomcat 5 in Windows. 
Access https://<server_ip>/gw. Note that WebAccess can’t utilize secure 
communications via Public/Private keys; only the online client can. 


> GroupWise Internet Agent (GWIA) 
While it is lacks some features, changes to the GWIA have made it 
robust in most ways and have maintained its compliance with increas- 
ingly stringent security protocols that guard today’s mail gateways, 
including SPAM filters. Just remember: GWA is not intended for use 
as a firewall or a relay host, just as Group Wise itself is not meant to be 
acontent management system. Group Wise 7.0 allows for more control 
than what was available through the Access Control List and the 
Mailer Daemon, but that control is collaborative when used in con- 
junction with SPAM filters and/or firewalls. Check out these TIDs: 
* 10100683 ~ Rule-generated Messages Don’t Deliver to Recipients 
Properly 
10099640 — GWIA Abends the Server When Loaded or Unloaded 


> Backup 

The previous method, TSAGoo.NLM, GWTSA.NLM, is no longer 

a supported configuration. Instead, use TSAFS.NLM, 

TSAFSGW.NLM. (While it is supported, TSAFSGW.NLM has 

some kinks that affect how it works with the GroupWise 7.0 

GWENNs.NLM). Check out the following TID: 

* 10095865 ~ It is not necessary to use the TSAFSGW.NLM at any 
time. A full backup can be garnered by using TSAFS.NLM with 
the /enablegw=yes switch in the TSA.CFG. 


> GroupWise Archive 

Novell's current archive structure is robust, but only in a general way. 
It is difficult to centrally store archived data and maintain its integri- 
ty over a number of years, especially in today’s environment, where 
many companies might need to work together to maintain historical 
collaboration. That’s not all: large post offices of more than 100 GB 
get difficult to back up, maintain and restore. 

Remember: As the size and age of your GroupWise stored messages 
increases, so does the chance for failure. If your system is left too big 
for too long, without systematic efforts at cleaning and maintenance, 
you risk the loss of valuable data. 

If you need to maintain vast amounts of data in nearline storage, 
there are reasonably priced third-party applications that can both 
store Group Wise historical data and easily restore it as needed. N 
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VoiceRD 


Telephony Integration with Customer Relationships and Enterprise Collaboration 


n the IT world, we've always had to “do more with less,” and often 

do it faster. In the world of voice, this means VoIP, or Voice Over 

IP. VoIP is the transmission of voice over standard network sys- 
tems, including the Internet. VoIP serves two business needs: take 
advantage of new applications, and reduce costs by using existing net- 
works. An added benefit is extensive connectivity and mobility. 

VoiceRD provides a complete open source VoIP solution. 
VoiceRD is the rapid deployment of a fully featured open source 
PBX. It reduces telephony-related operating costs while providing 
more features, connections and integration than traditional VoIP 
offerings. The open source community is rapidly developing and inte- 
grating new applications into VoiceRD. 

The software is based on Asterisk open source PBX software, 
SUSE Linux, Novell eDirectory, Novell Identity Manager and 
AppArmor. It runs on an appliance, or a low-cost hardened HP serv- 
er where all unnecessary operating system services are eliminated to 
increase security. It runs hassle-free and securely, and integrates into 
virtually any IT infrastructure, large or small. 


> Components 
VoiceRD partners with HP, Novell and Digium to create the solution. 


A combination of open source and proprietary code connects a full 
set of telephony functions to SugarCRM for customer relations and 
to Alfresco for enterprise content management (ECM). 

At the bottom of the stack is a hardened HP hardware appliance. You 
can choose from two models. Model 1 handles up to 150 handsets, and 
Model 2 handles anything above that. Each scales to support trunks and 
connections. Telephony cards from Digium support digital (Tl) and 
analog (POTS) connections. The hardware is fully supported by HP. 

On top of the hardware appliance is a completely integrated soft- 
ware appliance you can purchase separately. The operating system is 
SUSE Linux Enterprise Server 10 from Novell. Bundled with the OS 
is AppArmor from Novell, the open source security framework that 
creates mandatory access control for programs. 

The telephony platform is Asterisk, an open source VoIP PBX. 
(For a full list of telephony functions in Asterisk, see asterisk org.) 
Asterisk includes call conferencing (bridging) and call center func- 
tions, such as call queuing. The appliance also has a Web management 
tool to run all of the system and user operations. 

You can add identity management licenses to provision the extensions 
directly from the network directory services (eDirectory or ADS) or 
other authoritative user source. Provisioning includes voicemail, user 
conference center for call bridging, and the configuration of individual 


Figure 1 Configuring voicemail for a user with optional settings for call recording 
and notitication 
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Figure 2 Configuring interactive voice response (auto-attendant) 
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For more information or to download a trial, please visit voicerd.com. 


oe |'VoiceRD 


Open Source VoIP. More for Less. Faster. 


user handsets. All adds, changes and deletions 
are managed from the directory services inter- 
face, which can be either iManager or a neutral 
graphical interface. 

It works with today’s hardware, protocols 
and applications, yet was designed to be flex- 
ible so it can grow as your enterprise needs 
change. You can also get a soft appliance, 
which consists of all software, including the 


OS and OEM licenses. 


> Rapid Deployment 
VoiceRD is based on fixed price, limited 
engagements with specific added value. An 
example is a multisite or international 
deployment where all servers and extensions 
are integrated and networked. In this exam- 
ple, VoiceRD proceeds through four phases: 
¢ Phase 1: Assessment and design 
considers the entire project, including all 
sites, protocols, hardware, features and 
applications. 
* Phase 2: Preimplementation 
moves from comprehensive design to a 
limited scope of, say, specific geographic 
implementation. 
* Phase 3: Implementation 
implements the limited scope. 
¢ Phase 4: Training and support 
obviously trains and supports staff. 


The layered support is as complete as the list of 
voice functions. The base code is SUSE Linux 
and Asterisk. Both platforms are supported by 
a global open source community. Innovation 
and bug fixes happen at warp speed compared 
to traditional development models. Novell 
develops SUSE Linux Enterprise Server 9 and 
prepares it for the enterprise. The Asterisk 
community develops the telephony code and 
VoiceRD prepares it for application. Novell 
Technical Services provides 24/7 support, so 
support is a single call. 


> Application Integration 
Integration continues up the stack. Far from 
a mere VoIP system, VoiceRD integration 
can be mixed or matched into three key 
aaeeon arenas: 
customer relationship management 
(CRM) 
* enterprise content management (ECM) 
* enterprise messaging 


SugarCRM is the CRM component and 
Alfresco is the ECM component. Both are 
built upon the model of commercial open 
source. A global community of programmers 
writes the code. Additional code and support 
can be purchased on top of what is down- 
loadable and used for free. It is fast, quality 
development with dedicated support. 

Novell GroupWise on Linux is the third 
arena. It is a complete collaboration soft- 
ware solution that provides e-mail, 
calendaring, instant messaging and task 
management. VoiceRD integrates voice 
functions with all three. 

For example, in a sales-driven scenario, all 
integration functions happen in Sugar, the 
CRM module. Outbound phone calls origi- 
nate from within a contact record in Sugar. 
You click a phone icon to dial the contact’s 
number. When the user picks up the receiver, 
the voice session begins. The date, time and 
duration of the call are recorded in the 
client’s record. 

The call itself can also be recorded in 
Alfresco, outside of Sugar, with access from 
the contact’s record. All recorded voice calls 
are stored and indexed and made available to 
the enterprise work flow rules found in 
Alfresco. You can turn any conversation into 
a voice object managed by the ECM. 

Actions in Sugar also drive events in 
Novell GroupWise. An outbound call initi- 
ated from within a contact record in Sugar 
can, at the caller’s discretion, schedule a 
future call. When the call is scheduled, 
VoiceRD integration creates a GroupWise 
appointment. If you've implemented 
BlackBerry support for GroupWise, it can 
deliver an alarm to the BlackBerry device. 

Voicemail is also integrated with 
GroupWise. As voicemails are left, a message 
is sent to the user’s GroupWise Inbox. The 
caller ID is in the message body, along with 
the time, date, length and a link to an audio 
file (WAV). The voicemail can then be for- 
warded through GroupWise internally, or 
stored in Alfresco. 

VoiceRD is fully integrated up and down 
the complete stack: hardware; operating sys- 
tems and security; a PBX appliance; and 
lateral integration with customer manage- 
ment, enterprise collaboration and complete 
content management. N 
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Elegant Integration 


VoiceRD integrates 
voice and data 
with enterprise 

applications such as 

GroupWise 
SugarCRM 
Alfresco 
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Anatomy of an Open Enterprise 


A Sensible Open Source Solution Case Study 


by Todd Swensen 


f you own or work for a small or medium-sized business, you've 

almost certainly explored open source as a way to reduce soft- 

ware licensing fees, avoid expensive vendor lock-in, and lower 
hardware costs. Those are, after all, the standard open source benefits 
you hear and read about over and over again. But it’s important to 
understand that cost is only the first chapter in a much larger and 
richer open source story. 

Yes, Linux and open source can almost certainly lower your IT 
costs. But if you approach the open source movement correctly, it can 
also open the door to sophisticated new kinds of solutions that were 
previously only available to very large enterprises—and allow you to 
deploy these kinds of solutions much more quickly and inexpensively 
than you ever thought possible. 

In other words, open source can actually erase the barriers and 
boundaries between the kinds of technology solutions available to 
your small or medium-sized business—and those available to your 
largest multi-billion dollar competitors. 

Novell has given this larger, richer open source story a name. It’s 
called the Open Enterprise. And Novell is working nonstop to 
make the advantages of the Open Enterprise realistic and practical 
for all types and sizes of business. Of course, the model for devel- 
oping Open Enterprise solutions looks much different than that of 
a typical proprietary solution. Open Enterprise solutions can start 
virtually anywhere—from the mind of a consultant working for a 
small solution provider to the in-house IT department of a medi- 
um-sized retailer. 

The development process is organic and collaborative, typically 
involving many different commercial and open source vendors and 
the larger open source community. And the solutions tend to be more 
flexible and adaptable, because they’re based on standard code and 
open, freely available APIs. 

This open source model does a wonderful job of turning great ideas 
into working solutions, but it also creates some interesting challenges. 
How do you turn these organic, collaborative efforts into commer- 
cially viable software solutions? How do you make a solution 
developed by a small solution provider with limited marketing 
resources available to a wider audience? And how can you know an 
Open Enterprise solution has been thoroughly tested and meets your 
high standards for quality? 

Fortunately, innovative new processes and programs are emerging 
to address these questions. These programs harness the remarkable 
innovation that’s taking place in the open source community, make 
open source solutions commercially viable and provide resources to 
help bring them successfully to market. 

To demonstrate how the whole process actually works, it’s useful to 
look at a real, concrete example. So let’s highlight the efforts of a 
small, but successful IT services company named Novacoast, and take 
a close look at how they’re working with Novell to develop, market 
and sell a successful Open Enterprise solution. 
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> Introducing VoiceRD from Novacoast 

Until a couple of years ago, Novacoast ran their small business from a 
single office in Santa Barbara, California. When the company decided 
to expand its services and open offices in a number of different states, 
Novacoast Chief Technology Officer Adam Gray began investigating 
possible telecommunications options for their growing business. Adam 
knew that setting up and supporting new offices would be expensive. 
But he was still surprised by the costs required to deploy even a 
midrange Voice over IP (VoIP) telecommunications solution. 

“It didn’t take us long to figure out that the advanced telecommu- 
nications capabilities we needed were going to be way out of our price 
range,” said Gray. “The quotes that came in from proprietary Voice 
over IP companies were totally unrealistic for our situation.” 

It was back to the drawing board for Adam and his team. But rather 
than settling for some barely functional low-end proprietary solution, 
they started investigating a number of open source possibilities. “We 
were already invested in open source on the data side of our organiza- 
tion,” Gray said. “So we decided to see what open source could do for 
us on the telco side.” 

The answer was surprising. Adam and his team discovered that 
Asterisk, an open source VoIP PBX running on SUSE Linux 
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Open Enterprise solutions can start virtually anywhere— 
from the mind of a consultant working for a small solution provider 
to the in-house IT department of a medium-sized retailer. 


Enterprise Server, offered most of the features they needed. They 
quickly developed some identity management drivers to simplify the 
provisioning process and make the solution easier to manage. 

They also started exploring ways to add more advanced capabilities, 
such as a soft dialer, voicemail, conference calling, call recording and so 
on. A few weeks and a few lines of code later, Novacoast had a remark- 
ably sophisticated and full-featured VoIP telephony solution ready to 
deploy in their business —built entirely on open source software. 

Shortly after Novacoast developed this initial open source telecomm 
solution, they attended BrainShare in Salt Lake City. They were over- 
whelmed by the interest in their new in-house VoIP solution, and they 
quickly realized that they had the beginnings of a promising new product. 

Novacoast spent the next six months working to integrate their 
telephony offering with other open source applications to create a 
solution that combined Customer Relationship Management 
(CRM), telephony, document management, collaboration and much 
more. The solution incorporated a number of leading open source 
and proprietary applications, including SugarCRM, Novell 
eDirectory, Alfresco content management and Novell Group Wise. 

Integrating all of these applications was surprisingly easy, because 
the Novacoast team had total access to open source code and APIs, 


and they were able to harness the expertise and knowledge of a knowl- 
edgeable and diverse open source community. 

The end result, after a relatively short development process, was a 
remarkably sophisticated, capable and completely enterprise-ready 
solution that would normally only be an option for large companies 
with very deep pockets. 

Novacoast’s success in turning their small in-house project into an 
impressive enterprise-class solution embodies the Open Enterprise 
philosophy. For Novacoast, open source has quickly become much 
more than just another source for low-cost applications— it has actually 
transformed the way they approach their whole IT’ infrastructure. 
But that’s really only half the story. 

It’s perhaps even more interesting to examine how they are making 
that solution available to other small and medium-sized businesses. 
Because that critical final step —turning an obscure in-house solution 
into a viable commercial offering —is often the most difficult, especially 
for small ]SVs with limited resources. 

So how is Novacoast doing it? How are they managing to success- 
fully bring their solution to a wider market of small and medium- 
sized businesses? 

The answer is Novell Market Start. 


Figure 2 /o cai/ the customer, the sales representative simply finds the client's 
profile in her contact list and clicks the phone number to dial the customer. The 
VoiceRD dialer calls the customer and automatically logs the call in SugarCRM. 
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Figure 3 After the sales rep completes the initial call, she can click the Alfresco 
documents tab in SugarCRM to search her company's document store for the 
appropriate proposal template. Alfresco is an open source document manage- 
ment solution that's tightly integrated with SugarCRM. 
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> Novell Market Start: Turning Great Ideas into 

Viable Enterprise Solutions 

The Novell Market Start program accomplishes two major goals. 
First, it gives smaller software developers and solution providers a 
practical affordable way to bring open source solutions to market— 
and make them available to small and medium-sized businesses 
around the world. 

Second, it connects small and medium-sized businesses to power- 
ful, Novell-certified applications from proven commercial 
open-source and Linux-based software vendors. This crucial connec- 
tion gives smaller organizations a safe, practical way to harness the 
benefits of open source. It also enables them—for the first time— to 
streamline their operations and deploy the same kinds of advanced 
enterprise-class solutions as their largest competitors. 

As Novacoast discovered, this new Open Enterprise approach is 
about much more than deploying the occasional open source applica- 
tion. It represents a whole new approach to technology that enables 


small and medium-sized companies to transform the way they do 
business —from the back office to the desktop and beyond. 

By harnessing the power of open source, businesses with between 
100 and 5,000 users can dramatically lower their acquisition costs, 
leverage the momentum of the open source movement and enjoy 
enterprise-class functionality at a fraction of the cost of strictly pro- 
prietary solutions. 

Novacoast is a prime example of how Market Start helps ISVs 
cover that critical “last mile” between developing a viable open source 
solution and bringing it successfully to market. First, Market Start 
gave Novacoast access to the larger Novell partner community— 
and helped them establish good working relationships with other 
technology providers. 

According to Adam Gray, “Finding qualified partners can be very 
difficult for small solution providers. Market Start allowed us to cre- 
ate a very knowledgeable network very quickly and tap into a mature 
partner organization that’s been around for decades.” 


Figure 4 When the sales rep finds the correct template, she can download it and 
begin preparing the sales proposal in OpenOffice. Behind the scenes, Alfresco 
tracks different versions of the proposal. After she’s done, she can attach the doc- 
ument to the appropriate customer account and upload it to the document store 
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Figure 5 Now that the first draft of the proposal is complete, the sales rep will send it 
to the customer. She can choose to do that either through SugarCRM's Send feature, 
or through the company’s GroupWise collaboration solution. As she sends the docu- 
ment, SugarCRM automatically tracks the activity and adds it to the customer record. 
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novell.com/marketstart 


Market Start also helped Novacoast refine 
their marketing message, position their solu- 
tion effectively and tap into a wealth of 
marketing resources that smaller organiza- 
tions normally don’t have access to. With the 
help of the Market Start program, Novacoast 
has reached end users at strategic industry 
events, created and promoted podcasts and 
held a series of nationwide seminars to pro- 
mote their offering. 

And of course, small and medium-sized 
businesses can now take advantage of a com- 
plete, thoroughly tested and extremely 
powerful CRM and telecomm solution that 
provides remarkable enterprise capabili 
ties—without proprietary license fees or 
expensive hardware. 


An Open Enterprise Solution in Action 
Novacoast named their integrated solution 
VoiceRD. It’s worth taking a closer look at 
this powerful solution, because it combines 
and integrates elements from so many differ- 
ent open source applications. VoiceRD is a 
prime example of what Market Start and an 
Open Enterprise approach to software 


development can accomplish for small and 
medium-sized businesses. 

To provide a more detailed overview of 
the solution, we'll walk through a typical 
business scenario, show how the Novacoast 
solution works in the context of that scenario 
and then highlight some of the back-end 
technology that makes it all possible 


The Scenario 
Every business, no matter how small, uses 
some kind of customer relationship software 
to manage and drive sales 
efforts—even if it’s just a simple Excel 
spreadsheet. This scenario walks through a 
typical sales cycle—and shows how VoiceRD 
can automate and enhance the process. 

The scenario begins with a customer 
request to create and e-mail a business pro- 
posal. To respond to the request, the sales 
person will clarify some details with the cus- 
tomer, find the appropriate proposal 
template in the document store, fill it out, 
send it to the customer, answer some ques 
tions, revise the proposal, and close the 
business by obtaining a signed copy of the 


customers 


What Can Novell Market Start Offer Your Organization? 


The Novell Market Start program can offer your 
business truly enterprise-class applications and 
solutions that are easy and inexpensive to 
deploy. These solutions combine the impressive 
cost savings and ease of integration of open 
source technology and the peace of mind that 
comes from deploying fully tested and certified 
commercial applications. 


The 
Novell Market Start program simplifies and 
accelerates the process of bringing your open 
source application or solution to market. Market 


Start leverages Novell's PartnerNet and YES cer- 
tification programs to offer you access to critical 
technical information, testing resources, market- 
ing resources and go-to-market activities to 
make your solution successful. 


With Market 
Start, you can offer your small and medium- 
sized customers a new category of thoroughly 
tested, Novell-certified solutions built on open 
source technologies. These solutions can pro- 
vide your customers with sophisticated 
enterprise-level capabilities—at a price they 
can afford. 


The Holy Grail 
of GroupWise. 
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As more ISVs explore open source and use a similar process 
to bring their own open solutions to market, a new world of affordable __ 
enterprise-class solutions will open up for small and medium-sized businesses. 


final proposal. Of course, during the whole process, the sales rep will 
need to track and record every interaction with the customer and per- 
form a number of other customer relationship management tasks. 


> The User Experience 

The VoiceRD user experience revolves around the SugarCRM inter- 
face. SugarCRM is a powerful, rapidly growing open source CRM 
application that runs on SUSE Linux Enterprise Server. 

After the sales rep completes the initial call, she can click the Alfresco 
documents tab in SugarCRM to search her company’s document store 
for the appropriate proposal template. Alfresco is an open source doc- 
ument management solution that’s tightly integrated with SugarCRM. 

When the sales rep finds the correct template, she can download it 
and begin preparing the sales proposal in OpenOffice. Behind the 
scenes, Alfresco tracks different versions of the proposal. After she’s 
done, she can attach the document to the appropriate customer 
account and upload it to the document store. 


Now that the first draft of the proposal is complete, the sales rep will 
send it to the customer. She can choose to do that either through 
SugarCRM's Send feature, or through the company’s Group Wise col- 
laboration solution. As she sends the document, SugarCRM 
automatically tracks the activity and adds it to the customer record. 

Next, the customer reviews the sales proposal in OpenOffice and 
sends questions and comments through GroupWise. As these mes- 
sages come in, they are automatically attached to the customer record 
in SugarCRM. 

In one of the e-mail messages she receives, the customer asks the 
sales rep to call him back. Again, she can click the contact in 
SugarCRM to dial the call. In this case the sales rep will choose to 
record the call. After the call is complete, the recording is automati- 
cally stored in the Alfresco document store and attached to the 
customer record in SugarCRM. 

As the sales rep and customer e-mail different versions of the pro- 
posal back and forth, the sales rep can also use Alfresco to set up 


Figure 6 /n one of the e-mail messages she receives, the customer asks the 
sales rep to call him back. Again, she can click the contact in SugarCRM to dial 
the call. In this case the sales rep will choose to record the call. After the call is 
complete, the recording is automatically stored in the Alfresco document store 
and attached to the customer record in SugarCRM. 
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Figure 7 As the sales rep and customer e-mail different versions of the proposal 
back and forth, the sales rep can also use Alfresco to set up discussion forums 
to discuss the proposal, manage different versions of the document and create 
content rules to manage the content. When they're ready to finalize the deal, the 
sales rep sched © call with everyone involved to discuss the final 
proposal. She can schedule the call in SugarCRM, which automatically stays syn- 
chronized with her GroupWise calendar. She can also use SugarCRM and 
VoiceRD to quickly set up the call 
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discussion forums to discuss the proposal, 
manage different versions of the document 
and create content rules to manage the con 
tent. When they're ready to finalize the deal, 
the sales rep schedules a conference call with 
everyone involved to discuss the final pro 
posal. She can schedule the call in 
SugarCRM, which automatically stays syn- 
chronized with her GroupWise calendar. She 
can also use SugarCRM and VoiceRD to 
quickly set up the call. 

After the call, the sales rep can check out the 
latest version of the proposal from the Alfresco 
document store, make the final changes and 
check it back into the document management 
system. Finally, she can go back into 
SugarCRM, access the customer’s account, 
download the final proposal and use VoiceRD’s 
fax capabilities to fax it to the customer. 

When the customer faxes the approved 
proposal back, VoiceRD automatically con 
verts the fax to an electronic file and adds it 
to the SugarCRM customer record. With 


the signed proposal, the deal has been suc 
cessfully closed. 

This quick walkthrough shows how 
VoiceRD automates and streamlines virtu 
ally every aspect of the sales process. 
Rather than distracting sales representa- 
tives with different systems, interfaces and 
applications, this sophisticated enterprise- 
class solution allows the sales force to focus 
on closing business and adding value for 
customers. And of course, the most 
remarkable thing about VoiceRD is that it’s 
built primarily using open source software, 
which makes it affordable and practical for 
smaller organizations. 


The Technology 
It’s obvious that many different applica 
tions and technology components are 
working closely together to make the 
VoiceRD solution work. Here’s a break- 
down of some of the technology that’s 
working behind the scenes. 


VoiceRD is an excellent example of what's pos- 
sible when smart, innovative ISVs and solution 
providers such as Novacoast embrace open 
source, adopt an Open Enterprise philosophy 
and work with Novell to bring their open source 
solutions to market 


But it’s certainly not the only example. As more 
ISVs explore open source and use a similar 
process to bring their own open solutions to 
market, a new world of affordable enterprise- 
class solutions will open up for small and 
medium-sized businesses. And thanks to the 
Market Start program, those businesses will be 
able to feel completely confident that these solu- 
tions are tested, certified and completely viable 
for their organizations. 


In the end, this Open Enterprise model means 


Start Building Your Open Enterprise 


new opportunities for everyone. ISVs can lever- 
age Novell's market presence and mature 
partner and certification programs to deliver 
open source solutions to the businesses that 
need them. And small and medium-sized busi- 
nesses finally have a trusted source for 
commercial open source solutions that deliver 
enterprise-class functionality at a tiny fraction of 
the cost of proprietary solutions. 


You can learn more about how Novell and its 
partners are promoting Open Enterprise solu- 
tions by visiting novell.com/marketstart. To see 
this solution in action, attend the SUSE Linux 
Enterprise 10 Road Show, coming soon to a city 
near you. You can learn more about locations 
and dates for the Road Show—and reserve your 
seat—by visiting novell.com/yourlinuxtour. 


Big Brother 


in your 
Email... 
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In an Open Enterprise environment, developers have instant, unencumbered access 
to the standard code and APIs they need to integrate applications quickly. 


Novell 

The Novacoast VoiceRD solution starts with a number of key plat- 
form technologies from Novell. The whole solution runs on SUSE 
Linux Enterprise Server 9 or 10. It incorporates Novell eDirectory 
and other core identity management technologies. It leverages 
GroupWise to provide key communication and collaboration capa- 
bilities. And it relies on AppArmor to secure the solution and keep 
data safe and protected. 


Asterisk 

It’s certainly no secret that VoIP holds a great deal of promise as a 
low-cost, next-generation telecommunication solution. But it has also 
been notoriously difficult and expensive to manage and deploy in a 
business setting. VoiceRD resolves these management issues by com- 
bining Asterisk, the leading open source VoIP PBX software with 
Novell identity management technology. With VoiceRD, you can tie 
directly into your identity management solution when you set up the 


system. This makes it very easy to provision employees with telecom- 
munication services—and treat your telephone system like any other 
manageable network device. 


SugarCRM 

SugarCRM is a third-generation customer relationship management 
(CRM) application that adapts to virtually any business environment. 
As the VoiceRD solution demonstrates, SugarCRM’s unique open 
source architecture makes it easy to adapt advanced CRM capabilities 
to specialized business processes, add customized functionality and 
integrate a wide range of different applications. SugarCRM is available 
in a number of different deployment options, including on-demand, 
on-premise and appliance-based solutions. According to Jacob ‘Taylor, 
one of the three co-founders of SugarCRM, this open and flexible 
approach makes SugarCRM the ideal architecture and interface for 
combining telecom, content management, collaboration and other 
advanced capabilities into enterprise-class solutions like VoiceRD, 


Figure 8 After the call, the sales rep can check out the latest version of the pro- 
posal from the Alfresco document store, make the final changes and check it 
back into the document management system. Finally, she can go back into 
SugarCRM, access the customer's account, download the final proposal and use 
VoiceRD's fax capabilities to fax it to the customer. 
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Ss the approved proposal back, VoiceRD automati- 
file and adds it to the SugarCRM customer 
al, the deal has been successfully closed. 


Figure 9 When the ¢ 
cally convert 
record. With the 
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“Open source software brings this great com- 
munity of innovators together to meet 
business needs,” Taylor said. “When you start 
combining different products, such as 
Alfresco for document management, Asterisk 
for phone solutions and SugarCRM for CRM, 
you quickly end up with a solution that’s 
incredibly powerful, very easy to maintain, 
very easy to deploy, and has a great offering of 
support services around the world.” 


Alfresco is an open source content manage- 
ment application that manages incoming and 
outgoing calls, keeps track of quotations, pro 
posals, invoices and other documents, 
performs version tracking and even manages 


| Anatomy of the Novacoast 
VoiceRD Solution 


¢ Novell SUSE Linux Enterprise Server 9 and 10 


* Novell eDirectory and identity management 
capabilities | 


¢ Novell GroupWise collaboration solution 


¢ Asterisk—an open source PBX software 
pplication 


fed) 


* SugarCRM—an open source customer 
relationship management application 


¢ Alfresco—an open source document and 


content management application 


faxes and recorded phone calls. According to 
Matt Asay, the vice president of business devel- 
opment at Alfresco, these types of document 
management capabilities are an essential part 
of any successful CRM solution. “You simply 
can’t have a complete, effective CRM applica- 
tion without content management,” said Asay. 
“With VoiceRD, sales people no longer have to 
think of their phone system, their CRM appli 
cation and their document management 
application as separate systems. They all 
become part of a unified, integrated whole that 
enables them to provide better service and add 
more value for their customers.” 


Bringing All the Pieces Together 
The VoiceRD solution obviously relies on 
complex interactions between all of the dif 
ferent proprietary and open 
applications that make up the solution. In 
the past, this type of sophisticated integra- 
tion was painful, time consuming and 
prohibitively expensive for most smaller 
businesses. But in an Open Enterprise envi- 
ronment, developers instant, 
unencumbered access to the standard code 
and APIs they need to integrate applications 
quickly. And of course, they can leverage the 
expertise and advice of a large open source 
community to provide oversight, feedback 
and suggestions. 

Novacoast benefited from this expertise 
by making the basic SugarCRM plug-ins and 
modules that drive their solution available to 
the open source community. As a result, 
they've received invaluable feedback from 
more than 500 users who have downloaded 
their integration modules. According to 
Adam Gray, this community assistance often 
went far beyond basic feedback. “We've actu- 
ly had people in the community step up to 
the plate with actual code to fix problems 
and improve the software,” said Gray. “All 
those different perspectives—from all over 
the world —were invaluable.” 
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Protect yourself with Redline! 


Redline tells you when anything 
goes wrong with your GroupWise, 
long before your end users are aware. 


With Advanced Features like: 


¢ GroupWise at a Glance™ 
¢ GroupWise Notification and Alerts 


¢ Regulatory Compliance Reporting 


Only Redline gives you complete control 
of GroupWise. 


Learn how Redline can manage your 
entire GroupWise System and give 
you more free time to enjoy life. 


Call 1-866-464-9282 
: www.GWAVA.com/Redline 


GroupWise is a registered trademark of Novell, Inc. in the 
United States and other countries. 
All rights reserved. 


Configure a perfect world. 
Introducing Novelle ZENworkse for Dell. 


For the first time, the best Linux systems management tool' out there has been engineered for Dell. 

Novell ZENworks Linux Management — Dell Edition delivers the first fully integrated management 
solution for Dell” PowerEdge’ platforms running Linux. Now you can effortlessly configure, deploy, manage, 
and maintain the entire Linux stack—bare metal through applications—from a single Web-based console. 


> Complete, secure, centralized deployment and control of Dell hardware and OpenManage 
software running Red Hat’ or SUSE» Linux Enterprise Server 


> Policy-driven automation of patch updates, BIOs, and software and security packages 


> Novell ZENworks products help reduce costs: Average cost savings were found to be $355,028 per 100 users, 
with an average three-year return on investment (ROI) from deploying ZENworks of 1,012% 


PURE 


There are more outstanding performance features and advantages of choosing Dell+-Novell: 
To find out more, contact your Dell fe hasasihaat or visit www. ot, com/novell 


‘ZENworks Linux Management was judged the oe systems management tool at the “Linux World Conference and Ei (2004, 2005), 
DC, Managing Linux Operational Costs with Novell ZENworks, an IDC White Paper sponsored by Novell, July 2008. Savings were reported by IT customers with Novell ZENworks products interviewed by IDC, 
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